From 1f69da94b684da7ce2ed29604d31bff62fa5c738 Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Sat, 4 Jan 2025 14:39:11 +0200 Subject: [PATCH] hack/update-expected.sh --- .../cilium-eni/expected-v1alpha2.yaml | 11 +- .../create_cluster/cilium-eni/options.yaml | 2 +- .../complex-private/expected-v1alpha2.yaml | 34 +- .../complex-private/options.yaml | 2 +- .../complex/expected-v1alpha2.yaml | 29 +- .../create_cluster/complex/options.yaml | 2 +- .../create_cluster/ha/expected-v1alpha2.yaml | 29 +- .../create_cluster/ha/options.yaml | 2 +- .../ha_gce/expected-v1alpha2.yaml | 20 +- .../create_cluster/ha_gce/options.yaml | 2 +- .../ha_hetzner/expected-v1alpha2.yaml | 10 +- .../create_cluster/ha_hetzner/options.yaml | 2 +- .../ha_openstack/expected-v1alpha2.yaml | 2 +- .../create_cluster/ha_openstack/options.yaml | 2 +- .../ha_openstack_nodns/expected-v1alpha2.yaml | 2 +- .../ha_openstack_nodns/options.yaml | 2 +- .../expected-v1alpha2.yaml | 2 +- .../ha_openstack_octavia/options.yaml | 2 +- .../ha_shared_zone/expected-v1alpha2.yaml | 19 +- .../ha_shared_zone/options.yaml | 2 +- .../ha_shared_zones/expected-v1alpha2.yaml | 32 +- .../ha_shared_zones/options.yaml | 2 +- .../ingwspecified/expected-v1alpha2.yaml | 16 +- .../create_cluster/ingwspecified/options.yaml | 2 +- .../minimal-1.26-gce/expected-v1alpha2.yaml | 98 - .../minimal-1.29-gce/options.yaml | 7 - .../expected-v1alpha2.yaml | 11 +- .../options.yaml | 2 +- .../expected-v1alpha2.yaml | 11 +- .../options.yaml | 2 +- .../expected-v1alpha2.yaml | 11 +- .../options.yaml | 2 +- .../expected-v1alpha2.yaml | 2 +- .../options.yaml | 2 +- .../expected-v1alpha2.yaml | 8 +- .../options.yaml | 2 +- .../expected-v1alpha2.yaml | 11 +- .../options.yaml | 2 +- .../expected-v1alpha2.yaml | 11 +- .../minimal_feature-gates/options.yaml | 2 +- .../minimal_hetzner/expected-v1alpha2.yaml | 6 +- .../minimal_hetzner/options.yaml | 2 +- .../ngwspecified/expected-v1alpha2.yaml | 16 +- .../create_cluster/ngwspecified/options.yaml | 2 +- .../overrides/expected-v1alpha2.yaml | 11 +- .../create_cluster/overrides/options.yaml | 2 +- .../private/expected-v1alpha2.yaml | 16 +- .../create_cluster/private/options.yaml | 2 +- .../private_gce/expected-v1alpha2.yaml | 10 +- .../create_cluster/private_gce/options.yaml | 2 +- .../expected-v1alpha2.yaml | 11 +- .../private_shared_subnets/options.yaml | 2 +- .../shared_subnets/expected-v1alpha2.yaml | 11 +- .../shared_subnets/options.yaml | 2 +- .../expected-v1alpha2.yaml | 11 +- .../shared_subnets_vpc_lookup/options.yaml | 2 +- .../shared_vpc/expected-v1alpha2.yaml | 11 +- .../create_cluster/shared_vpc/options.yaml | 2 +- ...jects.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...nimal.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../aws-lb-controller/in-v1alpha2.yaml | 2 +- .../aws-lb-controller/kubernetes.tf | 4 +- ...ters.bastionuserdata.example.com_user_data | 2 +- ...odes.bastionuserdata.example.com_user_data | 2 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...rdata.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...s_s3_object_cluster-completed.spec_content | 31 +- ...aws_s3_object_nodeupconfig-bastion_content | 33 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../in-v1alpha2.yaml | 2 +- .../bastionadditional_user-data/kubernetes.tf | 6 +- ...rity-expander-custom.example.com_user_data | 2 +- ...rity-expander-custom.example.com_user_data | 2 +- ...rity-expander-custom.example.com_user_data | 2 +- ...rity-expander-custom.example.com_user_data | 2 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ustom.example.com-addons-bootstrap_content | 6 +- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 3 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...s_s3_object_cluster-completed.spec_content | 33 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...t_nodeupconfig-nodes-high-priority_content | 33 +- ...ct_nodeupconfig-nodes-low-priority_content | 33 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../in-v1alpha2.yaml | 2 +- .../kubernetes.tf | 8 +- ...as-priority-expander.example.com_user_data | 2 +- ...as-priority-expander.example.com_user_data | 2 +- ...as-priority-expander.example.com_user_data | 2 +- ...as-priority-expander.example.com_user_data | 2 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ander.example.com-addons-bootstrap_content | 6 +- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 3 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...s_s3_object_cluster-completed.spec_content | 33 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...t_nodeupconfig-nodes-high-priority_content | 33 +- ...ct_nodeupconfig-nodes-low-priority_content | 33 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../in-v1alpha2.yaml | 2 +- .../kubernetes.tf | 8 +- ...mplex.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...-1a.masters.compress.example.com_user_data | 2 +- ...plate_nodes.compress.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...press.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/compress/in-v1alpha2.yaml | 2 +- .../update_cluster/compress/kubernetes.tf | 4 +- ...a.masters.containerd.example.com_user_data | 2 +- ...ate_nodes.containerd.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...inerd.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 25 +- .../containerd-custom/in-v1alpha2.yaml | 2 +- .../containerd-custom/kubernetes.tf | 4 +- ...a.masters.containerd.example.com_user_data | 2 +- ...ate_nodes.containerd.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...inerd.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../containerd/in-v1alpha2.yaml | 2 +- .../update_cluster/containerd/kubernetes.tf | 4 +- ...-test-1a.masters.123.example.com_user_data | 2 +- ...h_template_nodes.123.example.com_user_data | 2 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...t_123.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/digit/in-v1alpha2.yaml | 2 +- .../update_cluster/digit/kubernetes.tf | 4 +- ...masters.existing-iam.example.com_user_data | 2 +- ...masters.existing-iam.example.com_user_data | 2 +- ...masters.existing-iam.example.com_user_data | 2 +- ...e_nodes.existing-iam.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...g-iam.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...ect_nodeupconfig-master-us-test-1b_content | 48 +- ...ect_nodeupconfig-master-us-test-1c_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../existing_iam/in-v1alpha2.yaml | 2 +- .../update_cluster/existing_iam/kubernetes.tf | 8 +- ...a.masters.existingsg.example.com_user_data | 2 +- ...b.masters.existingsg.example.com_user_data | 2 +- ...c.masters.existingsg.example.com_user_data | 2 +- ...ate_nodes.existingsg.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ingsg.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...ect_nodeupconfig-master-us-test-1b_content | 48 +- ...ect_nodeupconfig-master-us-test-1c_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../existing_sg/in-v1alpha2.yaml | 2 +- .../update_cluster/existing_sg/kubernetes.tf | 8 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../external_dns/in-v1alpha2.yaml | 2 +- .../update_cluster/external_dns/kubernetes.tf | 4 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../external_dns_irsa/in-v1alpha2.yaml | 2 +- .../external_dns_irsa/kubernetes.tf | 4 +- ...a.masters.externallb.example.com_user_data | 2 +- ...ate_nodes.externallb.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nallb.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../externallb/in-v1alpha2.yaml | 2 +- .../update_cluster/externallb/kubernetes.tf | 4 +- ...ers.externalpolicies.example.com_user_data | 2 +- ...des.externalpolicies.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...icies.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../externalpolicies/in-v1alpha2.yaml | 2 +- .../externalpolicies/kubernetes.tf | 4 +- ...s-test-1a.masters.ha.example.com_user_data | 2 +- ...s-test-1b.masters.ha.example.com_user_data | 2 +- ...s-test-1c.masters.ha.example.com_user_data | 2 +- ...ch_template_nodes.ha.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ct_ha.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...ect_nodeupconfig-master-us-test-1b_content | 48 +- ...ect_nodeupconfig-master-us-test-1c_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/ha/in-v1alpha2.yaml | 2 +- .../update_cluster/ha/kubernetes.tf | 8 +- ...s_s3_object_cluster-completed.spec_content | 14 +- ...a-gce.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- ...ect_nodeupconfig-master-us-test1-b_content | 40 +- ...ect_nodeupconfig-master-us-test1-c_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...t1-a-ha-gce-example-com_metadata_user-data | 2 +- ...t1-b-ha-gce-example-com_metadata_user-data | 2 +- ...t1-c-ha-gce-example-com_metadata_user-data | 2 +- ...odes-ha-gce-example-com_metadata_user-data | 2 +- .../update_cluster/ha_gce/in-v1alpha2.yaml | 2 +- .../update_cluster/ha_gce/kubernetes.tf | 8 - ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/irsa/in-v1alpha2.yaml | 2 +- .../update_cluster/irsa/kubernetes.tf | 4 +- ...odes-default.minimal.example.com_user_data | 2 +- ...-machinetype.minimal.example.com_user_data | 2 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...deupconfig-karpenter-nodes-default_content | 33 +- ...karpenter-nodes-single-machinetype_content | 33 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/karpenter/in-v1alpha2.yaml | 2 +- .../update_cluster/karpenter/kubernetes.tf | 16 +- .../lifecycle_phases/in-v1alpha2.yaml | 2 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 6 +- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 3 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- .../many-addons-ccm-irsa/in-v1alpha2.yaml | 2 +- .../many-addons-ccm-irsa/kubernetes.tf | 4 +- .../many-addons-ccm-irsa25/README.md | 9 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 116 - ....kube-system.sa.minimal.example.com_policy | 118 - ....kube-system.sa.minimal.example.com_policy | 26 - ....kube-system.sa.minimal.example.com_policy | 32 - ....kube-system.sa.minimal.example.com_policy | 35 - ....kube-system.sa.minimal.example.com_policy | 91 - ..._policy_masters.minimal.example.com_policy | 137 - ...le_policy_nodes.minimal.example.com_policy | 48 - ...t-1a.masters.minimal.example.com_user_data | 138 - ...s_s3_object_cluster-completed.spec_content | 249 - .../data/aws_s3_object_discovery.json_content | 18 - .../data/aws_s3_object_keys.json_content | 20 - ...cdmanager-events-master-us-test-1a_content | 137 - ...etcdmanager-main-master-us-test-1a_content | 137 - ...-controller.addons.k8s.io-k8s-1.18_content | 253 - ...-csi-driver.addons.k8s.io-k8s-1.17_content | 1209 -- ...-controller.addons.k8s.io-k8s-1.19_content | 1264 -- ...nimal.example.com-addons-bootstrap_content | 215 - ...com-addons-certmanager.io-k8s-1.16_content | 10095 ---------------- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 399 - ...-controller.addons.k8s.io-k8s-1.12_content | 155 - ...-controller.addons.k8s.io-k8s-1.16_content | 225 - ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...rics-server.addons.k8s.io-k8s-1.11_content | 276 - ...ing.amazon-vpc-routed-eni-k8s-1.16_content | 682 -- ...e-termination-handler.aws-k8s-1.11_content | 285 - ...-controller.addons.k8s.io-k8s-1.20_content | 1372 --- ...ect_nodeupconfig-master-us-test-1a_content | 334 - .../aws_s3_object_nodeupconfig-nodes_content | 62 - .../many-addons-ccm-irsa25/in-v1alpha2.yaml | 95 - .../many-addons-ccm-irsa25/kubernetes.tf | 1213 -- .../many-addons-ccm-irsa26/README.md | 9 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 17 - ....kube-system.sa.minimal.example.com_policy | 116 - ....kube-system.sa.minimal.example.com_policy | 118 - ....kube-system.sa.minimal.example.com_policy | 26 - ....kube-system.sa.minimal.example.com_policy | 32 - ....kube-system.sa.minimal.example.com_policy | 35 - ....kube-system.sa.minimal.example.com_policy | 91 - ..._policy_masters.minimal.example.com_policy | 137 - ...le_policy_nodes.minimal.example.com_policy | 48 - ...t-1a.masters.minimal.example.com_user_data | 138 - ...s_s3_object_cluster-completed.spec_content | 256 - .../data/aws_s3_object_discovery.json_content | 18 - .../data/aws_s3_object_keys.json_content | 20 - ...cdmanager-events-master-us-test-1a_content | 137 - ...etcdmanager-main-master-us-test-1a_content | 137 - ...-controller.addons.k8s.io-k8s-1.18_content | 253 - ...-csi-driver.addons.k8s.io-k8s-1.17_content | 1209 -- ...-controller.addons.k8s.io-k8s-1.19_content | 1264 -- ...nimal.example.com-addons-bootstrap_content | 216 - ...com-addons-certmanager.io-k8s-1.16_content | 10095 ---------------- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 399 - ...-controller.addons.k8s.io-k8s-1.12_content | 155 - ...-controller.addons.k8s.io-k8s-1.16_content | 227 - ...rics-server.addons.k8s.io-k8s-1.11_content | 276 - ...ing.amazon-vpc-routed-eni-k8s-1.16_content | 682 -- ...e-termination-handler.aws-k8s-1.11_content | 285 - ...odelocaldns.addons.k8s.io-k8s-1.12_content | 206 - ...-controller.addons.k8s.io-k8s-1.20_content | 1372 --- ...ect_nodeupconfig-master-us-test-1a_content | 334 - .../aws_s3_object_nodeupconfig-nodes_content | 62 - .../many-addons-ccm-irsa26/in-v1alpha2.yaml | 103 - .../many-addons-ccm-irsa26/kubernetes.tf | 1213 -- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 6 +- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 3 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- .../many-addons-ccm/in-v1alpha2.yaml | 2 +- .../many-addons-ccm/kubernetes.tf | 4 +- ...s_s3_object_cluster-completed.spec_content | 16 +- ...nimal.example.com-addons-bootstrap_content | 9 +- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 3 +- ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...1-a-minimal-example-com_metadata_user-data | 2 +- ...des-minimal-example-com_metadata_user-data | 2 +- .../many-addons-gce/in-v1alpha2.yaml | 2 +- .../many-addons-gce/kubernetes.tf | 8 - ....masters.many-addons.example.com_user_data | 2 +- ...te_nodes.many-addons.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ddons.example.com-addons-bootstrap_content | 6 +- ...-autoscaler.addons.k8s.io-k8s-1.15_content | 3 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- .../many-addons/in-v1alpha2.yaml | 2 +- .../update_cluster/many-addons/kubernetes.tf | 4 +- ...mal.example.com-ASGLifecycle_event_pattern | 1 - ....com-InstanceScheduledChange_event_pattern | 1 - ...mple.com-InstanceStateChange_event_pattern | 1 - ...example.com-SpotInterruption_event_pattern | 1 - ...am_role_masters.minimal.example.com_policy | 10 - ..._iam_role_nodes.minimal.example.com_policy | 10 - ...4a6ed9aa889b9e2c39cd663eb9c7157_public_key | 1 - ...mplate_nodes.minimal.example.com_user_data | 161 - ...s3_object_etcd-cluster-spec-events_content | 4 - ...s_s3_object_etcd-cluster-spec-main_content | 4 - .../aws_s3_object_kops-version.txt_content | 1 - ...-static-kube-apiserver-healthcheck_content | 33 - ...ons-coredns.addons.k8s.io-k8s-1.12_content | 383 - ...let-api.rbac.addons.k8s.io-k8s-1.9_content | 17 - ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...m-addons-limit-range.addons.k8s.io_content | 15 - ...-storage-aws.addons.k8s.io-v1.15.0_content | 118 - .../aws_s3_object_nodeupconfig-nodes_content | 65 - ...s_sqs_queue_minimal-example-com-nth_policy | 16 - .../update_cluster/minimal-1.25/id_rsa.pub | 1 - ...mal.example.com-ASGLifecycle_event_pattern | 1 - ....com-InstanceScheduledChange_event_pattern | 1 - ...mple.com-InstanceStateChange_event_pattern | 1 - ...example.com-SpotInterruption_event_pattern | 1 - ...am_role_masters.minimal.example.com_policy | 10 - ..._iam_role_nodes.minimal.example.com_policy | 10 - ...4a6ed9aa889b9e2c39cd663eb9c7157_public_key | 1 - ...mplate_nodes.minimal.example.com_user_data | 161 - ...s3_object_etcd-cluster-spec-events_content | 4 - ...s_s3_object_etcd-cluster-spec-main_content | 4 - .../aws_s3_object_kops-version.txt_content | 1 - ...-static-kube-apiserver-healthcheck_content | 33 - ...ons-coredns.addons.k8s.io-k8s-1.12_content | 383 - ...let-api.rbac.addons.k8s.io-k8s-1.9_content | 17 - ...m-addons-limit-range.addons.k8s.io_content | 15 - ...-storage-aws.addons.k8s.io-v1.15.0_content | 118 - .../aws_s3_object_nodeupconfig-nodes_content | 65 - ...s_sqs_queue_minimal-example-com-nth_policy | 16 - .../update_cluster/minimal-1.26/id_rsa.pub | 1 - ...mal.example.com-ASGLifecycle_event_pattern | 0 ....com-InstanceScheduledChange_event_pattern | 0 ...mple.com-InstanceStateChange_event_pattern | 0 ...example.com-SpotInterruption_event_pattern | 0 ...am_role_masters.minimal.example.com_policy | 0 ..._iam_role_nodes.minimal.example.com_policy | 0 ..._policy_masters.minimal.example.com_policy | 0 ...le_policy_nodes.minimal.example.com_policy | 0 ...4a6ed9aa889b9e2c39cd663eb9c7157_public_key | 0 ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...s3_object_etcd-cluster-spec-events_content | 0 ...s_s3_object_etcd-cluster-spec-main_content | 0 .../aws_s3_object_kops-version.txt_content | 0 ...cdmanager-events-master-us-test-1a_content | 0 ...etcdmanager-main-master-us-test-1a_content | 0 ...-static-kube-apiserver-healthcheck_content | 0 ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-csi-driver.addons.k8s.io-k8s-1.17_content | 0 ...nimal.example.com-addons-bootstrap_content | 2 +- ...ons-coredns.addons.k8s.io-k8s-1.12_content | 0 ...-controller.addons.k8s.io-k8s-1.12_content | 0 ...-controller.addons.k8s.io-k8s-1.16_content | 0 ...let-api.rbac.addons.k8s.io-k8s-1.9_content | 0 ...m-addons-limit-range.addons.k8s.io_content | 0 ...e-termination-handler.aws-k8s-1.11_content | 0 ...-storage-aws.addons.k8s.io-v1.15.0_content | 0 ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 64 + ...s_sqs_queue_minimal-example-com-nth_policy | 0 .../id_rsa.pub | 0 .../in-v1alpha2.yaml | 2 +- .../kubernetes.tf | 0 ...mal.example.com-ASGLifecycle_event_pattern | 0 ....com-InstanceScheduledChange_event_pattern | 0 ...mple.com-InstanceStateChange_event_pattern | 0 ...example.com-SpotInterruption_event_pattern | 0 ...am_role_masters.minimal.example.com_policy | 0 ..._iam_role_nodes.minimal.example.com_policy | 0 ..._policy_masters.minimal.example.com_policy | 0 ...le_policy_nodes.minimal.example.com_policy | 0 ...4a6ed9aa889b9e2c39cd663eb9c7157_public_key | 0 ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...s3_object_etcd-cluster-spec-events_content | 0 ...s_s3_object_etcd-cluster-spec-main_content | 0 .../aws_s3_object_kops-version.txt_content | 0 ...cdmanager-events-master-us-test-1a_content | 0 ...etcdmanager-main-master-us-test-1a_content | 0 ...-static-kube-apiserver-healthcheck_content | 0 ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-csi-driver.addons.k8s.io-k8s-1.17_content | 0 ...nimal.example.com-addons-bootstrap_content | 11 +- ...ons-coredns.addons.k8s.io-k8s-1.12_content | 0 ...-controller.addons.k8s.io-k8s-1.12_content | 0 ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...let-api.rbac.addons.k8s.io-k8s-1.9_content | 0 ...m-addons-limit-range.addons.k8s.io_content | 0 ...e-termination-handler.aws-k8s-1.11_content | 0 ...-storage-aws.addons.k8s.io-v1.15.0_content | 0 ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 64 + ...s_sqs_queue_minimal-example-com-nth_policy | 0 .../id_rsa.pub | 0 .../in-v1alpha2.yaml | 2 +- .../kubernetes.tf | 8 - ...l-aws.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 2 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal-dns-none/in-v1alpha2.yaml | 2 +- ...masters.minimal-etcd.example.com_user_data | 2 +- ...e_nodes.minimal-etcd.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-etcd.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal-etcd/in-v1alpha2.yaml | 2 +- .../update_cluster/minimal-etcd/kubernetes.tf | 4 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal-gp3/in-v1alpha2.yaml | 2 +- .../update_cluster/minimal-gp3/kubernetes.tf | 4 +- ...masters.minimal-ipv6.example.com_user_data | 2 +- ...e_nodes.minimal-ipv6.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-ipv6.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- .../minimal-ipv6-calico/in-v1alpha2.yaml | 2 +- .../minimal-ipv6-calico/kubernetes.tf | 12 +- ...masters.minimal-ipv6.example.com_user_data | 2 +- ...e_nodes.minimal-ipv6.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-ipv6.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- .../minimal-ipv6-cilium/in-v1alpha2.yaml | 2 +- .../minimal-ipv6-cilium/kubernetes.tf | 12 +- ...masters.minimal-ipv6.example.com_user_data | 2 +- ...e_nodes.minimal-ipv6.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-ipv6.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../in-v1alpha2.yaml | 2 +- .../kubernetes.tf | 12 +- ...masters.minimal-ipv6.example.com_user_data | 2 +- ...e_nodes.minimal-ipv6.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-ipv6.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal-ipv6/in-v1alpha2.yaml | 2 +- .../update_cluster/minimal-ipv6/kubernetes.tf | 12 +- ...cluster-name.minimal.example.com_user_data | 2 +- ...cluster-name.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../minimal-longclustername/in-v1alpha2.yaml | 2 +- .../minimal-longclustername/kubernetes.tf | 4 +- ...ers.minimal-warmpool.example.com_user_data | 2 +- ...des.minimal-warmpool.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...mpool.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal-warmpool/in-v1alpha2.yaml | 2 +- .../minimal-warmpool/kubernetes.tf | 4 +- ...s_s3_object_cluster-completed.spec_content | 14 +- ...l-gce.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...minimal-gce-example-com_metadata_user-data | 2 +- ...minimal-gce-example-com_metadata_user-data | 2 +- .../minimal_gce/in-v1alpha2.yaml | 2 +- .../update_cluster/minimal_gce/kubernetes.tf | 8 - ...s_s3_object_cluster-completed.spec_content | 14 +- ...l-gce.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...minimal-gce-example-com_metadata_user-data | 2 +- ...minimal-gce-example-com_metadata_user-data | 2 +- .../minimal_gce_dns-none/in-v1alpha2.yaml | 2 +- .../minimal_gce_dns-none/kubernetes.tf | 8 - ...s_s3_object_cluster-completed.spec_content | 14 +- ...e-ilb.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...mal-gce-ilb-example-com_metadata_user-data | 2 +- ...mal-gce-ilb-example-com_metadata_user-data | 2 +- .../minimal_gce_ilb/in-v1alpha2.yaml | 2 +- .../minimal_gce_ilb/kubernetes.tf | 8 - ...s_s3_object_cluster-completed.spec_content | 14 +- ...-name.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...y-long-name-example-com_metadata_user-data | 2 +- ...y-long-name-example-com_metadata_user-data | 2 +- .../in-v1alpha2.yaml | 2 +- .../kubernetes.tf | 8 - ...s_s3_object_cluster-completed.spec_content | 14 +- ...-name.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...g-name-example-com_metadata_startup-script | 2 +- ...g-name-example-com_metadata_startup-script | 2 +- .../in-v1alpha2.yaml | 2 +- .../minimal_gce_longclustername/kubernetes.tf | 8 - ...s_s3_object_cluster-completed.spec_content | 14 +- ...e-plb.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...mal-gce-plb-example-com_metadata_user-data | 2 +- ...mal-gce-plb-example-com_metadata_user-data | 2 +- .../minimal_gce_plb/in-v1alpha2.yaml | 2 +- .../minimal_gce_plb/kubernetes.tf | 8 - ...s_s3_object_cluster-completed.spec_content | 14 +- ...ivate.example.com-addons-bootstrap_content | 9 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...tadata-proxy.addons.k8s.io-v0.1.12_content | 127 - ...ect_nodeupconfig-master-us-test1-a_content | 40 +- .../aws_s3_object_nodeupconfig-nodes_content | 34 +- ...gce-private-example-com_metadata_user-data | 2 +- ...gce-private-example-com_metadata_user-data | 2 +- .../minimal_gce_private/in-v1alpha2.yaml | 2 +- .../minimal_gce_private/kubernetes.tf | 8 - ...est-1a.masters.minimal.k8s.local_user_data | 2 +- ...template_nodes.minimal.k8s.local_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...minimal.k8s.local-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal_gossip/in-v1alpha2.yaml | 2 +- .../minimal_gossip/kubernetes.tf | 4 +- ...est-1a.masters.minimal.k8s.local_user_data | 2 +- ...template_nodes.minimal.k8s.local_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...minimal.k8s.local-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../minimal_gossip_irsa/in-v1alpha2.yaml | 2 +- .../minimal_gossip_irsa/kubernetes.tf | 4 +- ...s_s3_object_cluster-completed.spec_content | 14 +- ...nimal.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...s3_object_nodeupconfig-master-fsn1_content | 34 +- ..._s3_object_nodeupconfig-nodes-fsn1_content | 28 +- .../data/hcloud_server_master-fsn1_user_data | 2 +- .../data/hcloud_server_nodes-fsn1_user_data | 2 +- .../minimal_hetzner/in-v1alpha2.yaml | 2 +- .../minimal_openstack/in-v1alpha2.yaml | 2 +- ...s_s3_object_cluster-completed.spec_content | 14 +- ...odeupconfig-control-plane-fr-par-1_content | 28 +- ...object_nodeupconfig-nodes-fr-par-1_content | 22 +- ...minimal.k8s.local-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ..._server_control-plane-fr-par-1-0_user_data | 2 +- ...instance_server_nodes-fr-par-1-0_user_data | 2 +- .../minimal_scaleway/in-v1alpha2.yaml | 2 +- ...sters.mixedinstances.example.com_user_data | 2 +- ...sters.mixedinstances.example.com_user_data | 2 +- ...sters.mixedinstances.example.com_user_data | 2 +- ...nodes.mixedinstances.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ances.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...ect_nodeupconfig-master-us-test-1b_content | 48 +- ...ect_nodeupconfig-master-us-test-1c_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../mixed_instances/in-v1alpha2.yaml | 2 +- .../mixed_instances/kubernetes.tf | 8 +- ...sters.mixedinstances.example.com_user_data | 2 +- ...sters.mixedinstances.example.com_user_data | 2 +- ...sters.mixedinstances.example.com_user_data | 2 +- ...nodes.mixedinstances.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ances.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- ...ect_nodeupconfig-master-us-test-1b_content | 48 +- ...ect_nodeupconfig-master-us-test-1c_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../mixed_instances_spot/in-v1alpha2.yaml | 2 +- .../mixed_instances_spot/kubernetes.tf | 8 +- ...ssor.longclustername.example.com_user_data | 2 +- ...ssor.longclustername.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...rname.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../nth-imds-processor-irsa/in-v1alpha2.yaml | 2 +- .../nth-imds-processor-irsa/kubernetes.tf | 4 +- ...ssor.longclustername.example.com_user_data | 2 +- ...ssor.longclustername.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...rname.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../nth-imds-processor/in-v1alpha2.yaml | 2 +- .../nth-imds-processor/kubernetes.tf | 4 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/nvidia/in-v1alpha2.yaml | 2 +- .../update_cluster/nvidia/kubernetes.tf | 4 +- .../openstack_floatingip/in-v1alpha2.yaml | 2 +- ...rs.private-shared-ip.example.com_user_data | 2 +- ...es.private-shared-ip.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ed-ip.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../private-shared-ip/in-v1alpha2.yaml | 2 +- .../private-shared-ip/kubernetes.tf | 6 +- ...rivate-shared-subnet.example.com_user_data | 2 +- ...rivate-shared-subnet.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ubnet.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../private-shared-subnet/in-v1alpha2.yaml | 2 +- .../private-shared-subnet/kubernetes.tf | 6 +- ...asters.privatecalico.example.com_user_data | 2 +- ..._nodes.privatecalico.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...alico.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - .../privatecalico/in-v1alpha2.yaml | 2 +- .../privatecalico/kubernetes.tf | 10 +- ...masters.privatecanal.example.com_user_data | 2 +- ...e_nodes.privatecanal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 17 +- ...ect_nodeupconfig-master-us-test-1a_content | 28 +- .../aws_s3_object_nodeupconfig-nodes_content | 19 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...canal.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - .../privatecanal/in-v1alpha2.yaml | 2 +- .../update_cluster/privatecanal/kubernetes.tf | 14 +- ...asters.privatecilium.example.com_user_data | 2 +- ..._nodes.privatecilium.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ilium.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../privatecilium-eni/in-v1alpha2.yaml | 2 +- .../privatecilium-eni/kubernetes.tf | 6 +- ...asters.privatecilium.example.com_user_data | 2 +- ..._nodes.privatecilium.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 44 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ilium.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../privatecilium/in-v1alpha2.yaml | 2 +- .../privatecilium/kubernetes.tf | 6 +- ...ilium.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...rivateciliumadvanced.example.com_user_data | 2 +- ...rivateciliumadvanced.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 42 +- .../aws_s3_object_nodeupconfig-nodes_content | 27 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...anced.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../privateciliumadvanced/in-v1alpha2.yaml | 2 +- .../privateciliumadvanced/kubernetes.tf | 6 +- ...edns1.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ....masters.privatedns2.example.com_user_data | 2 +- ...te_nodes.privatedns2.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...edns2.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../privatedns2/in-v1alpha2.yaml | 2 +- .../update_cluster/privatedns2/kubernetes.tf | 6 +- ...sters.privateflannel.example.com_user_data | 2 +- ...nodes.privateflannel.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 17 +- ...ect_nodeupconfig-master-us-test-1a_content | 28 +- .../aws_s3_object_nodeupconfig-nodes_content | 19 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...annel.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - .../privateflannel/in-v1alpha2.yaml | 2 +- .../privateflannel/kubernetes.tf | 14 +- ...asters.privatekopeio.example.com_user_data | 2 +- ..._nodes.privatekopeio.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...opeio.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../privatekopeio/in-v1alpha2.yaml | 2 +- .../privatekopeio/kubernetes.tf | 6 +- ...nimal.example.com-addons-bootstrap_content | 2 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...masters.sharedsubnet.example.com_user_data | 2 +- ...e_nodes.sharedsubnet.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...ubnet.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../shared_subnet/in-v1alpha2.yaml | 2 +- .../shared_subnet/kubernetes.tf | 4 +- ...1a.masters.sharedvpc.example.com_user_data | 2 +- ...late_nodes.sharedvpc.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...edvpc.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../shared_vpc/in-v1alpha2.yaml | 2 +- .../update_cluster/shared_vpc/kubernetes.tf | 4 +- ...masters.minimal-ipv6.example.com_user_data | 2 +- ...e_nodes.minimal-ipv6.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...-ipv6.example.com-addons-bootstrap_content | 11 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 - ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../shared_vpc_ipv6/in-v1alpha2.yaml | 2 +- .../shared_vpc_ipv6/kubernetes.tf | 12 +- ...1a.masters.unmanaged.example.com_user_data | 2 +- ...late_nodes.unmanaged.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...naged.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + .../update_cluster/unmanaged/in-v1alpha2.yaml | 2 +- .../update_cluster/unmanaged/kubernetes.tf | 6 +- ...t-1a.masters.minimal.example.com_user_data | 2 +- ...mplate_nodes.minimal.example.com_user_data | 2 +- ...s_s3_object_cluster-completed.spec_content | 31 +- ...-controller.addons.k8s.io-k8s-1.18_content | 2 +- ...nimal.example.com-addons-bootstrap_content | 4 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 + ...ect_nodeupconfig-master-us-test-1a_content | 48 +- .../aws_s3_object_nodeupconfig-nodes_content | 33 +- .../update_cluster/vfs-said/in-v1alpha2.yaml | 2 +- .../update_cluster/vfs-said/kubernetes.tf | 4 +- .../amazonvpc-containerd/manifest.yaml | 2 +- .../amazonvpc/manifest.yaml | 2 +- ...oud-controller.addons.k8s.io-k8s-1.18.yaml | 2 +- .../awscloudcontroller/manifest.yaml | 2 +- .../awsiamauthenticator/crd/manifest.yaml | 2 +- .../mappings/manifest.yaml | 2 +- .../coredns/manifest.yaml | 2 +- .../insecure-1.19/manifest.yaml | 9 +- .../metrics-server/secure-1.19/manifest.yaml | 9 +- .../simple/manifest.yaml | 2 +- 933 files changed, 3944 insertions(+), 48362 deletions(-) delete mode 100644 tests/integration/create_cluster/minimal-1.26-gce/expected-v1alpha2.yaml delete mode 100644 tests/integration/create_cluster/minimal-1.29-gce/options.yaml rename tests/integration/create_cluster/{minimal-1.25 => minimal-1.31}/expected-v1alpha2.yaml (84%) rename tests/integration/create_cluster/{minimal-1.25 => minimal-1.31}/options.yaml (76%) rename tests/integration/create_cluster/{minimal-1.26 => minimal-1.32}/expected-v1alpha2.yaml (84%) rename tests/integration/create_cluster/{minimal-1.26 => minimal-1.32}/options.yaml (76%) rename tests/integration/create_cluster/{minimal-1.26-arm64 => minimal-arm64}/expected-v1alpha2.yaml (84%) rename tests/integration/create_cluster/{minimal-1.26-arm64 => minimal-arm64}/options.yaml (84%) rename tests/integration/create_cluster/{minimal-1.29-gce => minimal-gce-dns-none}/expected-v1alpha2.yaml (98%) rename tests/integration/create_cluster/{minimal-1.26-gce-dns-none => minimal-gce-dns-none}/options.yaml (73%) rename tests/integration/create_cluster/{minimal-1.26-gce-dns-none => minimal-gce}/expected-v1alpha2.yaml (89%) rename tests/integration/create_cluster/{minimal-1.26-gce => minimal-gce}/options.yaml (80%) rename tests/integration/create_cluster/{minimal-1.26-irsa => minimal-irsa}/expected-v1alpha2.yaml (85%) rename tests/integration/create_cluster/{minimal-1.26-irsa => minimal-irsa}/options.yaml (50%) delete mode 100644 tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/README.md delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_masters.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_nodes.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_cluster-completed.spec_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_discovery.json_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_keys.json_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-nodes_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/in-v1alpha2.yaml delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa25/kubernetes.tf delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/README.md delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_masters.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_nodes.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_cluster-completed.spec_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_discovery.json_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_keys.json_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-nodelocaldns.addons.k8s.io-k8s-1.12_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-nodes_content delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/in-v1alpha2.yaml delete mode 100644 tests/integration/update_cluster/many-addons-ccm-irsa26/kubernetes.tf delete mode 100644 tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_masters.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_nodes.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_nodes.minimal.example.com_user_data delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-events_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-main_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_kops-version.txt_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-nodes_content delete mode 100644 tests/integration/update_cluster/minimal-1.25/data/aws_sqs_queue_minimal-example-com-nth_policy delete mode 100755 tests/integration/update_cluster/minimal-1.25/id_rsa.pub delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_masters.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_nodes.minimal.example.com_policy delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_nodes.minimal.example.com_user_data delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-events_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-main_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_kops-version.txt_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-nodes_content delete mode 100644 tests/integration/update_cluster/minimal-1.26/data/aws_sqs_queue_minimal-example-com-nth_policy delete mode 100755 tests/integration/update_cluster/minimal-1.26/id_rsa.pub rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_iam_role_masters.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_iam_role_nodes.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_iam_role_policy_masters.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_iam_role_policy_nodes.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data (98%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.31}/data/aws_launch_template_nodes.minimal.example.com_user_data (98%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_cluster-completed.spec_content (88%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_etcd-cluster-spec-events_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_etcd-cluster-spec-main_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_kops-version.txt_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content (99%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-bootstrap_content (98%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/data/aws_s3_object_nodeupconfig-master-us-test-1a_content (85%) create mode 100644 tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-nodes_content rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/data/aws_sqs_queue_minimal-example-com-nth_policy (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.31}/id_rsa.pub (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.31}/in-v1alpha2.yaml (98%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.31}/kubernetes.tf (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_iam_role_masters.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_iam_role_nodes.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_iam_role_policy_masters.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_iam_role_policy_nodes.minimal.example.com_policy (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data (98%) rename tests/integration/update_cluster/{many-addons-ccm-irsa25 => minimal-1.32}/data/aws_launch_template_nodes.minimal.example.com_user_data (98%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_cluster-completed.spec_content (88%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_etcd-cluster-spec-events_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_etcd-cluster-spec-main_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_kops-version.txt_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content (99%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-bootstrap_content (91%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content (100%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content (98%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/data/aws_s3_object_nodeupconfig-master-us-test-1a_content (85%) create mode 100644 tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-nodes_content rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/data/aws_sqs_queue_minimal-example-com-nth_policy (100%) rename tests/integration/update_cluster/{many-addons-ccm-irsa26 => minimal-1.32}/id_rsa.pub (100%) rename tests/integration/update_cluster/{minimal-1.26 => minimal-1.32}/in-v1alpha2.yaml (98%) rename tests/integration/update_cluster/{minimal-1.25 => minimal-1.32}/kubernetes.tf (98%) delete mode 100644 tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content delete mode 100644 tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content delete mode 100644 tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content diff --git a/tests/integration/create_cluster/cilium-eni/expected-v1alpha2.yaml b/tests/integration/create_cluster/cilium-eni/expected-v1alpha2.yaml index 0fb8616893..2f1a23343e 100644 --- a/tests/integration/create_cluster/cilium-eni/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/cilium-eni/expected-v1alpha2.yaml @@ -42,7 +42,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cilium: @@ -71,9 +71,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -91,10 +89,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/cilium-eni/options.yaml b/tests/integration/create_cluster/cilium-eni/options.yaml index aa379db8fe..c5646c327e 100644 --- a/tests/integration/create_cluster/cilium-eni/options.yaml +++ b/tests/integration/create_cluster/cilium-eni/options.yaml @@ -3,4 +3,4 @@ Zones: - us-test-1a CloudProvider: aws Networking: cilium-eni -KubernetesVersion: v1.26.0 \ No newline at end of file +KubernetesVersion: v1.32.0 \ No newline at end of file diff --git a/tests/integration/create_cluster/complex-private/expected-v1alpha2.yaml b/tests/integration/create_cluster/complex-private/expected-v1alpha2.yaml index 6a74922394..f7f535b378 100644 --- a/tests/integration/create_cluster/complex-private/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/complex-private/expected-v1alpha2.yaml @@ -57,7 +57,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} @@ -135,10 +135,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: bastions spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.micro maxSize: 1 minSize: 1 @@ -162,9 +159,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -182,9 +177,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: control-plane-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -202,9 +195,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: control-plane-us-test-1c spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -222,10 +213,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 4 minSize: 4 @@ -244,10 +232,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: nodes-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 3 minSize: 3 @@ -265,10 +250,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: nodes-us-test-1c spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 3 minSize: 3 diff --git a/tests/integration/create_cluster/complex-private/options.yaml b/tests/integration/create_cluster/complex-private/options.yaml index 6307945106..eb1ae04d33 100644 --- a/tests/integration/create_cluster/complex-private/options.yaml +++ b/tests/integration/create_cluster/complex-private/options.yaml @@ -15,7 +15,7 @@ Topology: private Bastion: true ControlPlaneCount: 3 NodeCount: 10 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 # We specify SSHAccess but _not_ AdminAccess SSHAccess: - 1.2.3.4/32 diff --git a/tests/integration/create_cluster/complex/expected-v1alpha2.yaml b/tests/integration/create_cluster/complex/expected-v1alpha2.yaml index b0c986c587..0ef003d62b 100644 --- a/tests/integration/create_cluster/complex/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/complex/expected-v1alpha2.yaml @@ -57,7 +57,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} @@ -107,9 +107,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -127,9 +125,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: control-plane-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -147,9 +143,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: control-plane-us-test-1c spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -167,10 +161,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 4 minSize: 4 @@ -189,10 +180,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: nodes-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 3 minSize: 3 @@ -210,10 +198,7 @@ metadata: kops.k8s.io/cluster: complex.example.com name: nodes-us-test-1c spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 3 minSize: 3 diff --git a/tests/integration/create_cluster/complex/options.yaml b/tests/integration/create_cluster/complex/options.yaml index 205eeb0bdd..26248bd038 100644 --- a/tests/integration/create_cluster/complex/options.yaml +++ b/tests/integration/create_cluster/complex/options.yaml @@ -13,7 +13,7 @@ NetworkCIDRs: Networking: cni ControlPlaneCount: 3 NodeCount: 10 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 # We specify SSHAccess but _not_ AdminAccess SSHAccess: - 1.2.3.4/32 diff --git a/tests/integration/create_cluster/ha/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha/expected-v1alpha2.yaml index f1e0983fdf..1eef6340ce 100644 --- a/tests/integration/create_cluster/ha/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha/expected-v1alpha2.yaml @@ -52,7 +52,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -87,9 +87,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -107,9 +105,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -127,9 +123,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1c spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -147,10 +141,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 @@ -168,10 +159,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 @@ -189,10 +177,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-us-test-1c spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/ha/options.yaml b/tests/integration/create_cluster/ha/options.yaml index be1b8f9973..9473cc23d0 100644 --- a/tests/integration/create_cluster/ha/options.yaml +++ b/tests/integration/create_cluster/ha/options.yaml @@ -9,4 +9,4 @@ ControlPlaneZones: - us-test-1c CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml index cef7398682..a98010f6d9 100644 --- a/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml @@ -46,7 +46,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networking: cni: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -73,7 +73,7 @@ metadata: kops.k8s.io/cluster: ha-gce.example.com name: control-plane-us-test1-a spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 @@ -93,7 +93,7 @@ metadata: kops.k8s.io/cluster: ha-gce.example.com name: control-plane-us-test1-b spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 @@ -113,7 +113,7 @@ metadata: kops.k8s.io/cluster: ha-gce.example.com name: control-plane-us-test1-c spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 @@ -133,12 +133,10 @@ metadata: kops.k8s.io/cluster: ha-gce.example.com name: nodes-us-test1-a spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 - nodeLabels: - cloud.google.com/metadata-proxy-ready: "true" role: Node subnets: - us-test1 @@ -155,12 +153,10 @@ metadata: kops.k8s.io/cluster: ha-gce.example.com name: nodes-us-test1-b spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 - nodeLabels: - cloud.google.com/metadata-proxy-ready: "true" role: Node subnets: - us-test1 @@ -177,12 +173,10 @@ metadata: kops.k8s.io/cluster: ha-gce.example.com name: nodes-us-test1-c spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 - nodeLabels: - cloud.google.com/metadata-proxy-ready: "true" role: Node subnets: - us-test1 diff --git a/tests/integration/create_cluster/ha_gce/options.yaml b/tests/integration/create_cluster/ha_gce/options.yaml index 4545eec363..cc6fd6ba24 100644 --- a/tests/integration/create_cluster/ha_gce/options.yaml +++ b/tests/integration/create_cluster/ha_gce/options.yaml @@ -4,7 +4,7 @@ ControlPlaneZones: - us-test1-a - us-test1-b - us-test1-c -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 Networking: cni Project: testproject Zones: diff --git a/tests/integration/create_cluster/ha_hetzner/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_hetzner/expected-v1alpha2.yaml index 82ee7ba1f4..3b4ca425eb 100644 --- a/tests/integration/create_cluster/ha_hetzner/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_hetzner/expected-v1alpha2.yaml @@ -45,7 +45,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} @@ -71,7 +71,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-fsn1-1 spec: - image: ubuntu-20.04 + image: ubuntu-22.04 machineType: cx21 maxSize: 1 minSize: 1 @@ -89,7 +89,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-fsn1-2 spec: - image: ubuntu-20.04 + image: ubuntu-22.04 machineType: cx21 maxSize: 1 minSize: 1 @@ -107,7 +107,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-fsn1-3 spec: - image: ubuntu-20.04 + image: ubuntu-22.04 machineType: cx21 maxSize: 1 minSize: 1 @@ -125,7 +125,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-fsn1 spec: - image: ubuntu-20.04 + image: ubuntu-22.04 machineType: cx21 maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/ha_hetzner/options.yaml b/tests/integration/create_cluster/ha_hetzner/options.yaml index 0bc0c36d90..d97e2d2f01 100644 --- a/tests/integration/create_cluster/ha_hetzner/options.yaml +++ b/tests/integration/create_cluster/ha_hetzner/options.yaml @@ -1,6 +1,6 @@ CloudProvider: hetzner ClusterName: ha.example.com -KubernetesVersion: v1.25.0 +KubernetesVersion: v1.32.0 ControlPlaneCount: 3 NetworkCIDRs: - 10.0.0.0/16 diff --git a/tests/integration/create_cluster/ha_openstack/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_openstack/expected-v1alpha2.yaml index ceaf1bec51..b0cd71c363 100644 --- a/tests/integration/create_cluster/ha_openstack/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_openstack/expected-v1alpha2.yaml @@ -59,7 +59,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} diff --git a/tests/integration/create_cluster/ha_openstack/options.yaml b/tests/integration/create_cluster/ha_openstack/options.yaml index 3d5c3546cb..e7948a6672 100644 --- a/tests/integration/create_cluster/ha_openstack/options.yaml +++ b/tests/integration/create_cluster/ha_openstack/options.yaml @@ -1,7 +1,7 @@ CloudProvider: openstack ClusterName: minimal.k8s.local Image: ubuntu-20.04 -KubernetesVersion: v1.25.0 +KubernetesVersion: v1.32.0 ControlPlaneCount: 3 NetworkCIDRs: - 10.0.0.0/16 diff --git a/tests/integration/create_cluster/ha_openstack_nodns/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_openstack_nodns/expected-v1alpha2.yaml index d77cb26fa7..a5879208f0 100644 --- a/tests/integration/create_cluster/ha_openstack_nodns/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_openstack_nodns/expected-v1alpha2.yaml @@ -67,7 +67,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: calico: {} diff --git a/tests/integration/create_cluster/ha_openstack_nodns/options.yaml b/tests/integration/create_cluster/ha_openstack_nodns/options.yaml index e2888b95cc..3d911a997c 100644 --- a/tests/integration/create_cluster/ha_openstack_nodns/options.yaml +++ b/tests/integration/create_cluster/ha_openstack_nodns/options.yaml @@ -1,7 +1,7 @@ CloudProvider: openstack ClusterName: ha.example.com Image: ubuntu-20.04 -KubernetesVersion: v1.25.0 +KubernetesVersion: v1.32.0 ControlPlaneCount: 3 NetworkCIDRs: - 10.0.0.0/16 diff --git a/tests/integration/create_cluster/ha_openstack_octavia/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_openstack_octavia/expected-v1alpha2.yaml index 96a2fdc856..13c0126ec7 100644 --- a/tests/integration/create_cluster/ha_openstack_octavia/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_openstack_octavia/expected-v1alpha2.yaml @@ -65,7 +65,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} diff --git a/tests/integration/create_cluster/ha_openstack_octavia/options.yaml b/tests/integration/create_cluster/ha_openstack_octavia/options.yaml index f8af97a05e..b6efc5d04c 100644 --- a/tests/integration/create_cluster/ha_openstack_octavia/options.yaml +++ b/tests/integration/create_cluster/ha_openstack_octavia/options.yaml @@ -1,7 +1,7 @@ CloudProvider: openstack ClusterName: minimal.k8s.local Image: ubuntu-20.04 -KubernetesVersion: v1.25.0 +KubernetesVersion: v1.32.0 ControlPlaneCount: 3 NetworkCIDRs: - 10.0.0.0/16 diff --git a/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml index 2aa468ea64..26630bdbac 100644 --- a/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_shared_zone/expected-v1alpha2.yaml @@ -52,7 +52,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -79,9 +79,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a-1 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -99,9 +97,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a-2 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -119,9 +115,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a-3 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -139,10 +133,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/ha_shared_zone/options.yaml b/tests/integration/create_cluster/ha_shared_zone/options.yaml index 7b6356fad1..1a012bd11c 100644 --- a/tests/integration/create_cluster/ha_shared_zone/options.yaml +++ b/tests/integration/create_cluster/ha_shared_zone/options.yaml @@ -4,4 +4,4 @@ Zones: ControlPlaneCount: 3 CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml index b36c2dbee8..576ffcf42d 100644 --- a/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_shared_zones/expected-v1alpha2.yaml @@ -64,7 +64,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -95,9 +95,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a-1 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -115,9 +113,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a-2 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -135,9 +131,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1a-3 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -155,9 +149,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1b-1 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -175,9 +167,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: control-plane-us-test-1b-2 spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -195,10 +185,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 @@ -216,10 +203,7 @@ metadata: kops.k8s.io/cluster: ha.example.com name: nodes-us-test-1b spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/ha_shared_zones/options.yaml b/tests/integration/create_cluster/ha_shared_zones/options.yaml index af2b10fca9..577a2a6556 100644 --- a/tests/integration/create_cluster/ha_shared_zones/options.yaml +++ b/tests/integration/create_cluster/ha_shared_zones/options.yaml @@ -5,4 +5,4 @@ Zones: ControlPlaneCount: 5 CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml b/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml index 29f31f19d6..d1f75814ae 100644 --- a/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ingwspecified/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -72,10 +72,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: bastions spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.micro maxSize: 1 minSize: 1 @@ -93,9 +90,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -113,10 +108,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/ingwspecified/options.yaml b/tests/integration/create_cluster/ingwspecified/options.yaml index 97fb3995cb..c7b537c488 100644 --- a/tests/integration/create_cluster/ingwspecified/options.yaml +++ b/tests/integration/create_cluster/ingwspecified/options.yaml @@ -6,4 +6,4 @@ Networking: cni Topology: private Bastion: true Egress: i-09123456 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/minimal-1.26-gce/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-1.26-gce/expected-v1alpha2.yaml deleted file mode 100644 index 1d599483b6..0000000000 --- a/tests/integration/create_cluster/minimal-1.26-gce/expected-v1alpha2.yaml +++ /dev/null @@ -1,98 +0,0 @@ -apiVersion: kops.k8s.io/v1alpha2 -kind: Cluster -metadata: - creationTimestamp: "2017-01-01T00:00:00Z" - name: minimal.example.com -spec: - api: - loadBalancer: - type: Public - authorization: - rbac: {} - channel: stable - cloudConfig: {} - cloudProvider: gce - configBase: memfs://tests/minimal.example.com - etcdClusters: - - cpuRequest: 200m - etcdMembers: - - instanceGroup: control-plane-us-test1-a - name: a - manager: - backupRetentionDays: 90 - memoryRequest: 100Mi - name: main - - cpuRequest: 100m - etcdMembers: - - instanceGroup: control-plane-us-test1-a - name: a - manager: - backupRetentionDays: 90 - memoryRequest: 100Mi - name: events - iam: - allowContainerRegistry: true - legacy: false - kubelet: - anonymousAuth: false - kubernetesApiAccess: - - 0.0.0.0/0 - - ::/0 - kubernetesVersion: v1.26.0 - networking: - cni: {} - nonMasqueradeCIDR: 100.64.0.0/10 - project: testproject - sshAccess: - - 0.0.0.0/0 - - ::/0 - subnets: - - cidr: 10.0.16.0/20 - name: us-test1 - region: us-test1 - type: Public - topology: - dns: - type: None - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2017-01-01T00:00:00Z" - labels: - kops.k8s.io/cluster: minimal.example.com - name: control-plane-us-test1-a -spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 - machineType: e2-medium - maxSize: 1 - minSize: 1 - role: Master - subnets: - - us-test1 - zones: - - us-test1-a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2017-01-01T00:00:00Z" - labels: - kops.k8s.io/cluster: minimal.example.com - name: nodes-us-test1-a -spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 - machineType: e2-medium - maxSize: 1 - minSize: 1 - nodeLabels: - cloud.google.com/metadata-proxy-ready: "true" - role: Node - subnets: - - us-test1 - zones: - - us-test1-a diff --git a/tests/integration/create_cluster/minimal-1.29-gce/options.yaml b/tests/integration/create_cluster/minimal-1.29-gce/options.yaml deleted file mode 100644 index 321bcad03e..0000000000 --- a/tests/integration/create_cluster/minimal-1.29-gce/options.yaml +++ /dev/null @@ -1,7 +0,0 @@ -CloudProvider: gce -ClusterName: minimal.example.com -KubernetesVersion: v1.29.0 -Networking: cni -Project: testproject -Zones: - - us-test1-a diff --git a/tests/integration/create_cluster/minimal-1.25/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-1.31/expected-v1alpha2.yaml similarity index 84% rename from tests/integration/create_cluster/minimal-1.25/expected-v1alpha2.yaml rename to tests/integration/create_cluster/minimal-1.31/expected-v1alpha2.yaml index 27efaf1a67..14520fd60b 100644 --- a/tests/integration/create_cluster/minimal-1.25/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-1.31/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.31.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -67,9 +67,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -87,10 +85,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.25/options.yaml b/tests/integration/create_cluster/minimal-1.31/options.yaml similarity index 76% rename from tests/integration/create_cluster/minimal-1.25/options.yaml rename to tests/integration/create_cluster/minimal-1.31/options.yaml index 8ce23c28fe..de2d35a9ed 100644 --- a/tests/integration/create_cluster/minimal-1.25/options.yaml +++ b/tests/integration/create_cluster/minimal-1.31/options.yaml @@ -3,4 +3,4 @@ Zones: - us-test-1a CloudProvider: aws Networking: cni -KubernetesVersion: v1.25.0 +KubernetesVersion: v1.31.0 diff --git a/tests/integration/create_cluster/minimal-1.26/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-1.32/expected-v1alpha2.yaml similarity index 84% rename from tests/integration/create_cluster/minimal-1.26/expected-v1alpha2.yaml rename to tests/integration/create_cluster/minimal-1.32/expected-v1alpha2.yaml index a57b24ad10..72cba71267 100644 --- a/tests/integration/create_cluster/minimal-1.26/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-1.32/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -67,9 +67,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -87,10 +85,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.26/options.yaml b/tests/integration/create_cluster/minimal-1.32/options.yaml similarity index 76% rename from tests/integration/create_cluster/minimal-1.26/options.yaml rename to tests/integration/create_cluster/minimal-1.32/options.yaml index 18c88770d6..0a838c415c 100644 --- a/tests/integration/create_cluster/minimal-1.26/options.yaml +++ b/tests/integration/create_cluster/minimal-1.32/options.yaml @@ -3,4 +3,4 @@ Zones: - us-test-1a CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 \ No newline at end of file +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/minimal-1.26-arm64/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-arm64/expected-v1alpha2.yaml similarity index 84% rename from tests/integration/create_cluster/minimal-1.26-arm64/expected-v1alpha2.yaml rename to tests/integration/create_cluster/minimal-arm64/expected-v1alpha2.yaml index 57e798ac0b..d86424a61e 100644 --- a/tests/integration/create_cluster/minimal-1.26-arm64/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-arm64/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -67,9 +67,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-20241211 machineType: m6g.xlarge maxSize: 1 minSize: 1 @@ -87,10 +85,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-20241211 machineType: m6g.xlarge maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.26-arm64/options.yaml b/tests/integration/create_cluster/minimal-arm64/options.yaml similarity index 84% rename from tests/integration/create_cluster/minimal-1.26-arm64/options.yaml rename to tests/integration/create_cluster/minimal-arm64/options.yaml index 1f7f2c4a25..744c96cae4 100644 --- a/tests/integration/create_cluster/minimal-1.26-arm64/options.yaml +++ b/tests/integration/create_cluster/minimal-arm64/options.yaml @@ -3,7 +3,7 @@ Zones: - us-test-1a CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 NodeSizes: - m6g.xlarge ControlPlaneSizes: diff --git a/tests/integration/create_cluster/minimal-1.29-gce/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-gce-dns-none/expected-v1alpha2.yaml similarity index 98% rename from tests/integration/create_cluster/minimal-1.29-gce/expected-v1alpha2.yaml rename to tests/integration/create_cluster/minimal-gce-dns-none/expected-v1alpha2.yaml index 74b298c6be..c4fc04ff4e 100644 --- a/tests/integration/create_cluster/minimal-1.29-gce/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-gce-dns-none/expected-v1alpha2.yaml @@ -38,7 +38,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.29.0 + kubernetesVersion: v1.32.0 networking: cni: {} nonMasqueradeCIDR: 100.64.0.0/10 diff --git a/tests/integration/create_cluster/minimal-1.26-gce-dns-none/options.yaml b/tests/integration/create_cluster/minimal-gce-dns-none/options.yaml similarity index 73% rename from tests/integration/create_cluster/minimal-1.26-gce-dns-none/options.yaml rename to tests/integration/create_cluster/minimal-gce-dns-none/options.yaml index 6d84fb1df3..59b6907dd1 100644 --- a/tests/integration/create_cluster/minimal-1.26-gce-dns-none/options.yaml +++ b/tests/integration/create_cluster/minimal-gce-dns-none/options.yaml @@ -1,7 +1,7 @@ CloudProvider: gce ClusterName: minimal.example.com Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 Project: testproject Zones: - us-test1-a diff --git a/tests/integration/create_cluster/minimal-1.26-gce-dns-none/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-gce/expected-v1alpha2.yaml similarity index 89% rename from tests/integration/create_cluster/minimal-1.26-gce-dns-none/expected-v1alpha2.yaml rename to tests/integration/create_cluster/minimal-gce/expected-v1alpha2.yaml index 1d599483b6..c4fc04ff4e 100644 --- a/tests/integration/create_cluster/minimal-1.26-gce-dns-none/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-gce/expected-v1alpha2.yaml @@ -38,7 +38,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networking: cni: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -65,7 +65,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test1-a spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 @@ -85,12 +85,10 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test1-a spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 - nodeLabels: - cloud.google.com/metadata-proxy-ready: "true" role: Node subnets: - us-test1 diff --git a/tests/integration/create_cluster/minimal-1.26-gce/options.yaml b/tests/integration/create_cluster/minimal-gce/options.yaml similarity index 80% rename from tests/integration/create_cluster/minimal-1.26-gce/options.yaml rename to tests/integration/create_cluster/minimal-gce/options.yaml index 5c9e5aaacd..53c745d880 100644 --- a/tests/integration/create_cluster/minimal-1.26-gce/options.yaml +++ b/tests/integration/create_cluster/minimal-gce/options.yaml @@ -1,6 +1,6 @@ CloudProvider: gce ClusterName: minimal.example.com -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 Networking: cni Project: testproject Zones: diff --git a/tests/integration/create_cluster/minimal-1.26-irsa/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal-irsa/expected-v1alpha2.yaml similarity index 85% rename from tests/integration/create_cluster/minimal-1.26-irsa/expected-v1alpha2.yaml rename to tests/integration/create_cluster/minimal-irsa/expected-v1alpha2.yaml index 17c9ccd8d1..8366a8b018 100644 --- a/tests/integration/create_cluster/minimal-1.26-irsa/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal-irsa/expected-v1alpha2.yaml @@ -41,7 +41,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -71,9 +71,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -91,10 +89,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/minimal-1.26-irsa/options.yaml b/tests/integration/create_cluster/minimal-irsa/options.yaml similarity index 50% rename from tests/integration/create_cluster/minimal-1.26-irsa/options.yaml rename to tests/integration/create_cluster/minimal-irsa/options.yaml index 8e009dd046..608b334459 100644 --- a/tests/integration/create_cluster/minimal-1.26-irsa/options.yaml +++ b/tests/integration/create_cluster/minimal-irsa/options.yaml @@ -3,5 +3,5 @@ Zones: - us-test-1a CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 DiscoveryStore: memfs://tests/minimal.example.com/discovery \ No newline at end of file diff --git a/tests/integration/create_cluster/minimal_feature-gates/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal_feature-gates/expected-v1alpha2.yaml index 05cc16c8aa..4c779a4ca4 100644 --- a/tests/integration/create_cluster/minimal_feature-gates/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal_feature-gates/expected-v1alpha2.yaml @@ -64,7 +64,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -91,9 +91,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -111,10 +109,7 @@ metadata: kops.k8s.io/cluster: minimal.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/minimal_feature-gates/options.yaml b/tests/integration/create_cluster/minimal_feature-gates/options.yaml index 766d3f6fd8..e83302b63c 100644 --- a/tests/integration/create_cluster/minimal_feature-gates/options.yaml +++ b/tests/integration/create_cluster/minimal_feature-gates/options.yaml @@ -3,7 +3,7 @@ Zones: - us-test-1a CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 KubernetesFeatureGates: - SELinuxMountReadWriteOncePod - +ReadWriteOncePod diff --git a/tests/integration/create_cluster/minimal_hetzner/expected-v1alpha2.yaml b/tests/integration/create_cluster/minimal_hetzner/expected-v1alpha2.yaml index ccd62f5e51..ed2bd56efd 100644 --- a/tests/integration/create_cluster/minimal_hetzner/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/minimal_hetzner/expected-v1alpha2.yaml @@ -37,7 +37,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} @@ -63,7 +63,7 @@ metadata: kops.k8s.io/cluster: minimal.k8s.local name: control-plane-fsn1 spec: - image: ubuntu-20.04 + image: ubuntu-22.04 machineType: cx21 maxSize: 1 minSize: 1 @@ -81,7 +81,7 @@ metadata: kops.k8s.io/cluster: minimal.k8s.local name: nodes-fsn1 spec: - image: ubuntu-20.04 + image: ubuntu-22.04 machineType: cx21 maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/minimal_hetzner/options.yaml b/tests/integration/create_cluster/minimal_hetzner/options.yaml index e206e8251f..de10df143a 100644 --- a/tests/integration/create_cluster/minimal_hetzner/options.yaml +++ b/tests/integration/create_cluster/minimal_hetzner/options.yaml @@ -1,6 +1,6 @@ CloudProvider: hetzner ClusterName: minimal.k8s.local -KubernetesVersion: v1.25.0 +KubernetesVersion: v1.32.0 NetworkCIDRs: - 10.0.0.0/16 Networking: cni diff --git a/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml b/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml index 5d17009d68..8a688d9d47 100644 --- a/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ngwspecified/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -72,10 +72,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: bastions spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.micro maxSize: 1 minSize: 1 @@ -93,9 +90,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -113,10 +108,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/ngwspecified/options.yaml b/tests/integration/create_cluster/ngwspecified/options.yaml index 79ff8af57f..50ad830885 100644 --- a/tests/integration/create_cluster/ngwspecified/options.yaml +++ b/tests/integration/create_cluster/ngwspecified/options.yaml @@ -6,4 +6,4 @@ Networking: cni Topology: private Bastion: true Egress: nat-09123456 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml b/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml index f1ada8bfd7..e938324352 100644 --- a/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/overrides/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -70,9 +70,7 @@ metadata: kops.k8s.io/cluster: overrides.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -90,10 +88,7 @@ metadata: kops.k8s.io/cluster: overrides.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/overrides/options.yaml b/tests/integration/create_cluster/overrides/options.yaml index c1a4113200..0daa7cac04 100644 --- a/tests/integration/create_cluster/overrides/options.yaml +++ b/tests/integration/create_cluster/overrides/options.yaml @@ -3,6 +3,6 @@ Zones: - us-test-1a CloudProvider: aws Networking: cni -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 Sets: - cluster.spec.nodePortAccess=1.2.3.4/32,10.20.30.0/24 diff --git a/tests/integration/create_cluster/private/expected-v1alpha2.yaml b/tests/integration/create_cluster/private/expected-v1alpha2.yaml index 1e8c636df6..dba9cefe4a 100644 --- a/tests/integration/create_cluster/private/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/private/expected-v1alpha2.yaml @@ -44,7 +44,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 172.20.0.0/16 networking: cni: {} @@ -75,10 +75,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: bastions spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.micro maxSize: 1 minSize: 1 @@ -99,9 +96,7 @@ spec: additionalSecurityGroups: - sg-exampleid3 - sg-exampleid4 - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -122,10 +117,7 @@ spec: additionalSecurityGroups: - sg-exampleid - sg-exampleid2 - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/private/options.yaml b/tests/integration/create_cluster/private/options.yaml index 67c3438308..c1273284f6 100644 --- a/tests/integration/create_cluster/private/options.yaml +++ b/tests/integration/create_cluster/private/options.yaml @@ -11,5 +11,5 @@ NodeSecurityGroups: ControlPlaneSecurityGroups: - sg-exampleid3 - sg-exampleid4 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 cloudLabels: "Owner=John Doe,dn=\"cn=John Doe: dc=example dc=com\", foo/bar=fib+baz" diff --git a/tests/integration/create_cluster/private_gce/expected-v1alpha2.yaml b/tests/integration/create_cluster/private_gce/expected-v1alpha2.yaml index 1f1abdcd48..df7b691043 100644 --- a/tests/integration/create_cluster/private_gce/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/private_gce/expected-v1alpha2.yaml @@ -43,7 +43,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networking: cni: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -70,7 +70,7 @@ metadata: kops.k8s.io/cluster: private.example.com name: bastions spec: - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-micro maxSize: 1 minSize: 1 @@ -93,7 +93,7 @@ spec: additionalSecurityGroups: - sg-exampleid3 - sg-exampleid4 - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-standard-2 maxSize: 1 minSize: 1 @@ -116,12 +116,10 @@ spec: additionalSecurityGroups: - sg-exampleid - sg-exampleid2 - image: ubuntu-os-cloud/ubuntu-2004-focal-v20240607 + image: ubuntu-os-cloud/ubuntu-2204-jammy-v20240607 machineType: e2-medium maxSize: 1 minSize: 1 - nodeLabels: - cloud.google.com/metadata-proxy-ready: "true" role: Node subnets: - us-test1 diff --git a/tests/integration/create_cluster/private_gce/options.yaml b/tests/integration/create_cluster/private_gce/options.yaml index 47a41f2809..b31fc1870c 100644 --- a/tests/integration/create_cluster/private_gce/options.yaml +++ b/tests/integration/create_cluster/private_gce/options.yaml @@ -11,7 +11,7 @@ NodeSecurityGroups: ControlPlaneSecurityGroups: - sg-exampleid3 - sg-exampleid4 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 cloudLabels: "Owner=John Doe,dn=\"cn=John Doe: dc=example dc=com\", foo/bar=fib+baz" Project: testproject GCEServiceAccount: test-account@testproject.iam.gserviceaccount.com diff --git a/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml b/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml index fc731b7a24..4f5af56341 100644 --- a/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/private_shared_subnets/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/12 networkID: vpc-12345678 networking: @@ -74,9 +74,7 @@ metadata: kops.k8s.io/cluster: private-subnets.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -94,10 +92,7 @@ metadata: kops.k8s.io/cluster: private-subnets.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/private_shared_subnets/options.yaml b/tests/integration/create_cluster/private_shared_subnets/options.yaml index 7ad395653d..cc973b95fa 100644 --- a/tests/integration/create_cluster/private_shared_subnets/options.yaml +++ b/tests/integration/create_cluster/private_shared_subnets/options.yaml @@ -9,4 +9,4 @@ SubnetIDs: - subnet-1 UtilitySubnetIDs: - subnet-2 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml b/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml index 95ce09a183..49077f5582 100644 --- a/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/shared_subnets/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/12 networkID: vpc-12345678 networking: @@ -69,9 +69,7 @@ metadata: kops.k8s.io/cluster: subnet.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -89,10 +87,7 @@ metadata: kops.k8s.io/cluster: subnet.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/shared_subnets/options.yaml b/tests/integration/create_cluster/shared_subnets/options.yaml index bfafd2f251..da14ab62b3 100644 --- a/tests/integration/create_cluster/shared_subnets/options.yaml +++ b/tests/integration/create_cluster/shared_subnets/options.yaml @@ -6,4 +6,4 @@ Networking: cni NetworkID: vpc-12345678 SubnetIDs: - subnet-1 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml b/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml index 95ce09a183..49077f5582 100644 --- a/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/shared_subnets_vpc_lookup/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/12 networkID: vpc-12345678 networking: @@ -69,9 +69,7 @@ metadata: kops.k8s.io/cluster: subnet.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -89,10 +87,7 @@ metadata: kops.k8s.io/cluster: subnet.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/shared_subnets_vpc_lookup/options.yaml b/tests/integration/create_cluster/shared_subnets_vpc_lookup/options.yaml index f30402fb47..63dc81b1c6 100644 --- a/tests/integration/create_cluster/shared_subnets_vpc_lookup/options.yaml +++ b/tests/integration/create_cluster/shared_subnets_vpc_lookup/options.yaml @@ -5,4 +5,4 @@ CloudProvider: aws Networking: cni SubnetIDs: - subnet-1 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml b/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml index e952f6b71c..a87f907e1e 100644 --- a/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/shared_vpc/expected-v1alpha2.yaml @@ -40,7 +40,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/12 networkID: vpc-12345678 networking: @@ -68,9 +68,7 @@ metadata: kops.k8s.io/cluster: vpc.example.com name: control-plane-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: m3.medium maxSize: 1 minSize: 1 @@ -88,10 +86,7 @@ metadata: kops.k8s.io/cluster: vpc.example.com name: nodes-us-test-1a spec: - image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20241112 - instanceMetadata: - httpPutResponseHopLimit: 1 - httpTokens: required + image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20241211 machineType: t2.medium maxSize: 1 minSize: 1 diff --git a/tests/integration/create_cluster/shared_vpc/options.yaml b/tests/integration/create_cluster/shared_vpc/options.yaml index 3604533d7f..a0662e1d61 100644 --- a/tests/integration/create_cluster/shared_vpc/options.yaml +++ b/tests/integration/create_cluster/shared_vpc/options.yaml @@ -4,4 +4,4 @@ Zones: CloudProvider: aws Networking: cni NetworkID: vpc-12345678 -KubernetesVersion: v1.26.0 +KubernetesVersion: v1.32.0 diff --git a/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-bootstrap_content b/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-bootstrap_content index 9ef25df35f..78b4514364 100644 --- a/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 47a89521a20f66f307f308c2e0132647e4bbbac39e5d06bfa34cf965158a20aa + manifestHash: 09d2410e4611ace55db925f141becb316a6fe389651bcaab44f411682d5e8195 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 7da82a1949..11089980f5 100644 --- a/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/additionalobjects/data/aws_s3_object_additionalobjects.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 065af6f94a..cb15ab86d2 100644 --- a/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: e4f26aac0617f5d44e6804859641bc0f132e5e06a719d920aac606b675ee42e6 + manifestHash: b62375cdbb115294bd688408cd8d863ada8d8d6790cb3c48fc83ab3bcba8bfae name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index bdb2ef2677..7068abf776 100644 --- a/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/apiservernodes/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index ef16068ce7..a7e5ee4cd8 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 7eHYq2LK1E2ckFYz8iTZKhMiwyKE9zZ4N9Iijh0av/c= +NodeupConfigHash: W8NFX6KK30qwqKrWITT68BWrONeCqODCE+WyT5XaCtg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_nodes.minimal.example.com_user_data index e6a1bb07bc..26c4acec16 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 8CZ7yLVzS//HUyyG0tIMtQkPj8eMl/QL1MNtZRcEDDE= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_cluster-completed.spec_content index 54a65826bd..41e41b3593 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_cluster-completed.spec_content @@ -22,7 +22,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,8 +31,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -82,10 +82,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -111,10 +108,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -136,13 +130,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -155,9 +146,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -168,7 +156,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -178,9 +166,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 2428e49a08..4266ad0f06 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -48,7 +48,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 35e1da5cf6..e1ec56fdc7 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -163,7 +163,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 156782e82a0be1accfe863bf7f7552f7deb1982820356c5f6cbc8947cc34d530 + manifestHash: 4a3f87c3d96f6fd9fc43032c2b6f52135fabc91bec8e421df4b59e81325b0e68 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510..4aa1194f1e 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index b5ef4fade7..54a6828c9d 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-nodes_content index 3b68234cbd..da75b50a11 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/aws-lb-controller/in-v1alpha2.yaml b/tests/integration/update_cluster/aws-lb-controller/in-v1alpha2.yaml index e43afc5a3c..62d42f9959 100644 --- a/tests/integration/update_cluster/aws-lb-controller/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/aws-lb-controller/in-v1alpha2.yaml @@ -26,7 +26,7 @@ spec: useServiceAccountExternalPermissions: true kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/aws-lb-controller/kubernetes.tf b/tests/integration/update_cluster/aws-lb-controller/kubernetes.tf index 7caae56604..6a821909d2 100644 --- a/tests/integration/update_cluster/aws-lb-controller/kubernetes.tf +++ b/tests/integration/update_cluster/aws-lb-controller/kubernetes.tf @@ -581,7 +581,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -663,7 +663,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data index c370ab83c0..a8855918fe 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: bastionuserdata.example.com ConfigBase: memfs://clusters.example.com/bastionuserdata.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: cFGsAAqYrwM7b8sg8ARyUvrQ/X1mCS1wq1IuxNHlcbE= +NodeupConfigHash: rL99cT4OyYW0C0ynhksxGSyeoJW7y7woK5oVKp7ByUU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_nodes.bastionuserdata.example.com_user_data b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_nodes.bastionuserdata.example.com_user_data index cf7447afc6..f21a980c53 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_nodes.bastionuserdata.example.com_user_data +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_nodes.bastionuserdata.example.com_user_data @@ -162,7 +162,7 @@ ConfigServer: - https://kops-controller.internal.bastionuserdata.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: GBq6HoXAbWL91+sbYN2UBHutnOTPqZ4YF4eubbNjGsk= +NodeupConfigHash: emMDqx0i80CCXdQsMgdrlX2q3VseHfmCIMw4+mYQM+g= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 261d429fd6..a12964bb61 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-bootstrap_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-bootstrap_content index fc33dc5f52..ec4cf31c0b 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 294552bb6222305240b7ab21f19f93ddf4e8e57bd6c14b768f16670a9ec0430c + manifestHash: 1694d90ed4cf5dfb3ddc064cb0389773c16bde0b5c429bb530fab95dbc619489 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 45a4e4473c930b3efea5de43e999d1c35ae45a0ea1d8eec58362564b40d1e25a + manifestHash: 1f045fe2bedb93e9a2d836affe5955914ee3972ba7985622644460525e843001 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index b5cc5a3b91..58926cb571 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_bastionuserdata.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_cluster-completed.spec_content index 937b98eba7..6824517f4b 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: bastionuserdata.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: bastionuserdata.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-bastion_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-bastion_content index 0e3ebea727..ab14429a50 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-bastion_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-bastion_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -25,7 +27,7 @@ KeypairIDs: {} KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -55,7 +54,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index a995929db0..4118b32b42 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: bastionuserdata.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/bastionuserdata.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/bastionuserdata.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-nodes_content index 63d1a86a00..0cc23fc7f7 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/bastionadditional_user-data/in-v1alpha2.yaml b/tests/integration/update_cluster/bastionadditional_user-data/in-v1alpha2.yaml index 4430912552..62532a52da 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/bastionadditional_user-data/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterInternalName: api.internal.bastionuserdata.example.com masterPublicName: api.bastionuserdata.example.com networkCIDR: 172.20.0.0/16 diff --git a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf index ff18bd35ae..46012ac231 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf +++ b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf @@ -564,7 +564,7 @@ resource "aws_launch_template" "bastion-bastionuserdata-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -638,7 +638,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-bastionuserdata-exampl http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -720,7 +720,7 @@ resource "aws_launch_template" "nodes-bastionuserdata-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander-custom.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander-custom.example.com_user_data index 8415546f84..19ac1de929 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander-custom.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander-custom.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: cas-priority-expander-custom.example.com ConfigBase: memfs://clusters.example.com/cas-priority-expander-custom.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: b2xNUpnVA9+OHxycc5ZxoOaYX0WauMvhVCZbOHYhWSg= +NodeupConfigHash: pSDEbIsX2TutbPcJW+i3FfhHJYzRyigYMcLePHMB7sg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-high-priority.cas-priority-expander-custom.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-high-priority.cas-priority-expander-custom.example.com_user_data index 06f4b4a57f..ddd3caf958 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-high-priority.cas-priority-expander-custom.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-high-priority.cas-priority-expander-custom.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.cas-priority-expander-custom.example.com:3988/ InstanceGroupName: nodes-high-priority InstanceGroupRole: Node -NodeupConfigHash: 3S0kO0rn8/IeZUrZftL7DVYj+3R6xDMIb4Ntoz8LYwI= +NodeupConfigHash: XmGPgFRA+OhH2coAsnrakNhDx6usiD6V41C5u9SY060= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-low-priority.cas-priority-expander-custom.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-low-priority.cas-priority-expander-custom.example.com_user_data index d6b10fd4c2..dc6c3ca172 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-low-priority.cas-priority-expander-custom.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes-low-priority.cas-priority-expander-custom.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.cas-priority-expander-custom.example.com:3988/ InstanceGroupName: nodes-low-priority InstanceGroupRole: Node -NodeupConfigHash: 3S0kO0rn8/IeZUrZftL7DVYj+3R6xDMIb4Ntoz8LYwI= +NodeupConfigHash: XmGPgFRA+OhH2coAsnrakNhDx6usiD6V41C5u9SY060= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes.cas-priority-expander-custom.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes.cas-priority-expander-custom.example.com_user_data index 22ebd82a40..277ec7bacf 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes.cas-priority-expander-custom.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_launch_template_nodes.cas-priority-expander-custom.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.cas-priority-expander-custom.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 3S0kO0rn8/IeZUrZftL7DVYj+3R6xDMIb4Ntoz8LYwI= +NodeupConfigHash: XmGPgFRA+OhH2coAsnrakNhDx6usiD6V41C5u9SY060= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index dd8a368b45..b6093a779e 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-bootstrap_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-bootstrap_content index 5ecac44d27..6e853f25a2 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 63a30d15901dec0b8d6a53372c2065ca80532558d74b770441416255057fe738 + manifestHash: a51d1c3ddc4aec4749104b032300e9c0ff96ddb4c2f6342d6ae0cea253d7c80b name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.15 manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: e4817b8481df3f556c19999b552e60c6305ce8063481c6ec5d987f225aa686ad + manifestHash: a3dabf22247ebe9511c5714760fffbe206397f265fe710caa73b6162678f3f68 name: cluster-autoscaler.addons.k8s.io selector: k8s-addon: cluster-autoscaler.addons.k8s.io @@ -106,7 +106,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: d77743ada468524073fc615bbe04f0175d1fb8648b46a012c78ec68340919868 + manifestHash: 27c567b9d768681e944e8ee35915ee796d6bfdb6b6a40b83defafc236b3dc543 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content index d7205fcbe4..e796e1c552 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content @@ -359,6 +359,7 @@ spec: - --nodes=2:2:nodes-low-priority.cas-priority-expander-custom.example.com - --ignore-daemonsets-utilization=false - --scale-down-utilization-threshold=0.5 + - --skip-nodes-with-custom-controller-pods=true - --skip-nodes-with-local-storage=true - --skip-nodes-with-system-pods=true - --scale-down-delay-after-add=10m0s @@ -373,7 +374,7 @@ spec: env: - name: AWS_REGION value: us-test-1 - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 8e1e6a14b8..98c4c7775e 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cas-priority-expander-custom.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cluster-completed.spec_content index 2b84a79cf4..d088d5ea49 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_cluster-completed.spec_content @@ -19,7 +19,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: cas-priority-expander-custom.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -38,7 +38,7 @@ spec: enabled: true expander: priority ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 maxNodeProvisionTime: 15m0s newPodScaleUpDelay: 0s scaleDownDelayAfterAdd: 10m0s @@ -53,8 +53,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -101,10 +101,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -130,10 +127,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: cas-priority-expander-custom.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -155,13 +149,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -173,9 +164,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -186,7 +174,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: cgroupDriver: systemd cgroupRoot: / @@ -195,9 +183,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 87dd13e55b..f43095141e 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: cas-priority-expander-custom.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/cas-priority-expander-custom.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/cas-priority-expander-custom.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-high-priority_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-high-priority_content index 27c5091158..68e320c351 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-high-priority_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-high-priority_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-low-priority_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-low-priority_content index 27c5091158..68e320c351 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-low-priority_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes-low-priority_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes_content index 27c5091158..68e320c351 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/in-v1alpha2.yaml b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/in-v1alpha2.yaml index 92982f09e1..9f99910594 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/in-v1alpha2.yaml @@ -30,7 +30,7 @@ spec: - instanceGroup: master-us-test-1a name: us-test-1a name: events - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterInternalName: api.internal.cas-priority-expander-custom.example.com masterPublicName: api.cas-priority-expander-custom.example.com networkCIDR: 172.20.0.0/16 diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/kubernetes.tf b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/kubernetes.tf index 96ba2d72ec..45c60c0570 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/kubernetes.tf +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/kubernetes.tf @@ -536,7 +536,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-cas-priority-expander- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -618,7 +618,7 @@ resource "aws_launch_template" "nodes-cas-priority-expander-custom-example-com" http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -691,7 +691,7 @@ resource "aws_launch_template" "nodes-high-priority-cas-priority-expander-custom http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -764,7 +764,7 @@ resource "aws_launch_template" "nodes-low-priority-cas-priority-expander-custom- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander.example.com_user_data index 29e14cc396..47d6c3b771 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_master-us-test-1a.masters.cas-priority-expander.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: cas-priority-expander.example.com ConfigBase: memfs://clusters.example.com/cas-priority-expander.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: esCkj8xtANMAq+yucbrXCk+MO2IXoC6224YmTA+HOaA= +NodeupConfigHash: 2i3Echy2jd9quqT4bMoIwCrXNtsAxxqPsxCPNDtnN/k= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-high-priority.cas-priority-expander.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-high-priority.cas-priority-expander.example.com_user_data index 75d8eb4942..d8d0c7cb93 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-high-priority.cas-priority-expander.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-high-priority.cas-priority-expander.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.cas-priority-expander.example.com:3988/ InstanceGroupName: nodes-high-priority InstanceGroupRole: Node -NodeupConfigHash: df729KN5+gvvqaKyGX1Phg5EnmFTHt0M+RCCyN9ON94= +NodeupConfigHash: JPyeSn18V3EwaQubqiDkWXF1m+XUi1F+f1mSMxoUC+U= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-low-priority.cas-priority-expander.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-low-priority.cas-priority-expander.example.com_user_data index 1b658888c4..56b2948ad6 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-low-priority.cas-priority-expander.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes-low-priority.cas-priority-expander.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.cas-priority-expander.example.com:3988/ InstanceGroupName: nodes-low-priority InstanceGroupRole: Node -NodeupConfigHash: df729KN5+gvvqaKyGX1Phg5EnmFTHt0M+RCCyN9ON94= +NodeupConfigHash: JPyeSn18V3EwaQubqiDkWXF1m+XUi1F+f1mSMxoUC+U= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes.cas-priority-expander.example.com_user_data b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes.cas-priority-expander.example.com_user_data index fc712b0213..e840be3b34 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes.cas-priority-expander.example.com_user_data +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_launch_template_nodes.cas-priority-expander.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.cas-priority-expander.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: df729KN5+gvvqaKyGX1Phg5EnmFTHt0M+RCCyN9ON94= +NodeupConfigHash: JPyeSn18V3EwaQubqiDkWXF1m+XUi1F+f1mSMxoUC+U= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index cafcfdbd4b..19a85c7399 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-bootstrap_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-bootstrap_content index c5d09152c3..f2877cd4d1 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 44653c3144f0052549bd0170c3c8e6741d75c36657c8044bd2b1c3f0fa6dd2b9 + manifestHash: 771a9de7123190df88616ce7a5e37a5ca268f634700ea27e77cce38b043675c2 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.15 manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: 8c697d6e92263502eeeb637b47669c5fbb3ba11cd82c90a653cddb42060e7fe5 + manifestHash: 29605e5dcd67d0676c67d06dc59a3aaf5e28ecc6a4d8682956b928664b684fd2 name: cluster-autoscaler.addons.k8s.io selector: k8s-addon: cluster-autoscaler.addons.k8s.io @@ -106,7 +106,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: baf97022915623f284558e7a4bbb6c8133c7151790378fe6abd6bd1ad4de7963 + manifestHash: 30f6c531ae7120d5e17febfe5b83012290af8aa76b3fb862f2a1aa8d4c91973a name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content index 3a6c1d387b..5206cd063f 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content @@ -359,6 +359,7 @@ spec: - --nodes=2:2:nodes-low-priority.cas-priority-expander.example.com - --ignore-daemonsets-utilization=false - --scale-down-utilization-threshold=0.5 + - --skip-nodes-with-custom-controller-pods=true - --skip-nodes-with-local-storage=true - --skip-nodes-with-system-pods=true - --scale-down-delay-after-add=10m0s @@ -373,7 +374,7 @@ spec: env: - name: AWS_REGION value: us-test-1 - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index a056b0c7d7..ab66b2565c 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cas-priority-expander.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cluster-completed.spec_content index 5369855aa7..4e01f8b5ca 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_cluster-completed.spec_content @@ -19,7 +19,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: cas-priority-expander.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,7 +31,7 @@ spec: enabled: true expander: priority ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 maxNodeProvisionTime: 15m0s newPodScaleUpDelay: 0s scaleDownDelayAfterAdd: 10m0s @@ -46,8 +46,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -94,10 +94,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -123,10 +120,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: cas-priority-expander.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -148,13 +142,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -166,9 +157,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -179,7 +167,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: cgroupDriver: systemd cgroupRoot: / @@ -188,9 +176,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 8b7e4ac0f2..27d351ca94 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: cas-priority-expander.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/cas-priority-expander.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/cas-priority-expander.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-high-priority_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-high-priority_content index 5de6befd84..216a27e8a2 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-high-priority_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-high-priority_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-low-priority_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-low-priority_content index 5de6befd84..216a27e8a2 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-low-priority_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes-low-priority_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes_content index 5de6befd84..216a27e8a2 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/in-v1alpha2.yaml b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/in-v1alpha2.yaml index 215df88e6f..3a3dc54507 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/in-v1alpha2.yaml @@ -23,7 +23,7 @@ spec: - instanceGroup: master-us-test-1a name: us-test-1a name: events - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterInternalName: api.internal.cas-priority-expander.example.com masterPublicName: api.cas-priority-expander.example.com networkCIDR: 172.20.0.0/16 diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/kubernetes.tf b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/kubernetes.tf index 1edbb44622..db0d3a3259 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/kubernetes.tf +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/kubernetes.tf @@ -536,7 +536,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-cas-priority-expander- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -618,7 +618,7 @@ resource "aws_launch_template" "nodes-cas-priority-expander-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -691,7 +691,7 @@ resource "aws_launch_template" "nodes-high-priority-cas-priority-expander-exampl http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -764,7 +764,7 @@ resource "aws_launch_template" "nodes-low-priority-cas-priority-expander-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-bootstrap_content b/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-bootstrap_content index 73038598b5..4fd8cfa035 100644 --- a/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 57d08e67490a6c9d0994fd7b19fc0cc5ee6883d43c7a8e640c05e8955d8c1395 + manifestHash: 022a4e85b0c9ae9d0208b8cea644862492da7eaf30bb698bae38f01c8e72097d name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index cf1cd8eb60..161973441f 100644 --- a/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/complex/data/aws_s3_object_complex.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data b/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data index 14dffc6b86..c960640181 100644 --- a/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data +++ b/tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data @@ -133,7 +133,7 @@ function download-release() { echo "== nodeup node config starting ==" ensure-install-dir -echo "H4sIAAAAAAAA/2zOwUrEMBDG8XueInfpxkLXQ8CLQddFLFXwAWbTaV3MZEImcbc+vUhPBe//H9/nAtdxyPx9HjFbDRdRLlQpmHsgtNozpYwiO7wCpYA7z6Qcx+k8P4Cg1YQ0iTXGr2oTmn/1MUqB6PGQuaZ1heDPNlWaglKaFrbROwe02nEsmcMQIKLqecSa1iPPIJ9WC566p5ufrqI7XB8vGY6309fb8tpTPdHc7g0vHy/tfpjvunv1CwAA//8BAAD///gdAzn3AAAA" | base64 -d | gzip -d > conf/kube_env.yaml +echo "H4sIAAAAAAAA/2zOwUoDMRDG8XueInfZrlYPJeBBI9sG2VIEFb2N2Wl3IZMJmUTt24vsaaH3/4/vs4HrcMj8PQ2YjYYfUTZUKZj3QGi0Z0oZRVb4C5QCrjyTshyP0+kRBI0mpKOYtvWzWoTtRe2iFIget5lrmlcI/m1TpSkopbmBZfTCAY22HEvmcAgQUe15wJrmIzuQ0ej3Mzy54E6fm86tv/r+anvbw/l5Q93D3es6j7GLY6nTx9vu+l79AQAA//8BAAD//7W6aH33AAAA" | base64 -d | gzip -d > conf/kube_env.yaml download-release echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/compress/data/aws_launch_template_nodes.compress.example.com_user_data b/tests/integration/update_cluster/compress/data/aws_launch_template_nodes.compress.example.com_user_data index 651f97f097..83f4363f35 100644 --- a/tests/integration/update_cluster/compress/data/aws_launch_template_nodes.compress.example.com_user_data +++ b/tests/integration/update_cluster/compress/data/aws_launch_template_nodes.compress.example.com_user_data @@ -133,7 +133,7 @@ function download-release() { echo "== nodeup node config starting ==" ensure-install-dir -echo "H4sIAAAAAAAA/6yUSY+yWBiF9/4K9uYrERTBpBYvo2CBTELhDuEyKPPgVdM/viPVyZdOVzqdTrFgcU7us3jz5AhFPcZmV9/yGHVbIsT9TCjGfkCdEZZoS0R12XSo79/QPSybAr1FdTkT6irJUwd1N9RtZwQhgIC6IU/yKBxQvyX+mBEEQfx6fbykqAYhSLaryqoArjSlU6+rKn++CALYeQpY5SFVdbkBo+VF1nBEloKjowOpCE6rOOqZFi2JF/ARdD69yxc4ThA+NTwedFf0h2VQeo9z6ZGnT30IKAnvssjQLxI2nkDrYoQPImD/lT1/ZxNkKi4Q6HaAZQhEz7JECS+72NeKqFwXseI9P3wj02WMRSvQ9vVJzW6RAZbE8xaIE8TBgB3QeDBklX52pHtlr13vszd8SfTmqR0K32KZJXNT6MAMqRZSdeOt6j1OPPKhpssJchnmOyZZmQt8NcF0TTexG059sPVOkmRMCoAlgNAQdAmwmAaiZ5MmWLsFD5YIqaR8HRZYBZbHWMISv8CWrIPOQ8LinTU9OPB8IMmGQj+9ixt9FBoWe2212HOit9nX2RH+gvzz8kBKwLMxSScBhTf+vkkOFNeqFLduRkpYRSEHuaccmtSJ2AkylFbfMl10H2h33p3XLGd6w5Ms8SLau/fDlUl3lCAI88cueVD4/f23N5Ihfm/N/7XqVjoheYAiKD/3P2uVq1PfW/UqfswqXWbkVXiKG0Tax+bxuIZ84+OTUOFzkmSBcsDzpGfs+GM8thtLMEqtXEjtZoL4/uGZ64GYq5xzjopGnDNWrpEGLbVN4x1/0KoPtWwYsC+mCDumytR5H/neQFvcufpXqzzLu6/14zCCipA5mly9Xt6HxqUcRr4lOautVOFeFV9qcvzmKFJjn0WebA4hqj84JRnZMFjtNR61bbquL8WqLe3KzS7/xap+WrL+NWW/iGwYmn67WFzrpv8V1dXQ1UWBure8GlBXhcXbd5O4pTmWXczUqh/CKkJKV4/N14BWdYz6vxd2XaAtYdQxmr1+Y/O1p7uwz7YEvYxX3GeUbzK9P1HN5qSNLsb27rDmVHflI5E/65QPN30Zvc/+BAAA//8BAAD//xXbKsO+BQAA" | base64 -d | gzip -d > conf/kube_env.yaml +echo "H4sIAAAAAAAA/6yUS4+ySBiF9/4K9qZbBEUw6cULFIgKgtw+eodQIMr9YqmZHz+RnuTLZDqTyaRZsDgn9SzePDlSXg2x2Va3LMbtmgpJN5Hyoetxa4QFXlNRVdQt7rp3fA+LOsfvUVVMpKpMstTG7Q236wlFSSDhts+SLAp73K2pPyYURVFvr09EqmZQEjo6mqJJ4KAxHXtd08TTRZLgmKVANBFSTVdqMBpR5g1b5hlwbR1oVbIb1dZOrGwhUSIu6GJ6Vy7gjhAxNTwRdEf2+3lQeI9T4dGfv/Q+YBDZnCNDvyBiPIHV5YgcZCD+K3v+zkbIWFwg0I8BUSCQPcuSEZm3sb/No2KZx6r33PvGWVcIka1gu6s+tfMtMsBComiBPEJsAsSGrQiGorHPlnau/LXtfP5GLoleP7eH3Ld4bs7dVDYwQ6aBVFt5i2pHEo9+aOl8hFz66YZLFuaMXE0wHdNJjrWgPfhqg5BCaAkIAggNSUdA5DSQvSNtgrWZiWDJkCL167DAqzB3Y0SQOCOWooMuQsKTjTU+OIhigBRDZZ/exYn2+ZbI3XYx2wmyt9pVZxf+gvzz8kAjEPmYZpOAISt/VycHRmg0RljWAyMtolCAzFMPdWpH/AjpC6truDa696wzbU9LXjC9/kkXZBbtnPvhyqUbRpKk6WOTPBjy8fHbG2TI31vzf626FXZIHyAPil+7n7XK0ZnvrXoVP2aVrnDKIvyMa0wf3frxuIZi7ZNPqSSnJDkH6oFMk447xvvBbVaWZBTbYoaa1Qjx/cMz0wM50wT7FOW1POWsbEsbLGrq2nN/0Kq9VtQcHC+mDBuuPGvTLvK9nrWEU/mvVnmWd1/qbj+AhrE5mEK1nN/72mFsTrklGb9daNK9zL/UFMSVKzNDd448xexDXO0FNRn4MFjstiJumnRZXfJFUxxL53z5L1Z145J1ryl7o859X3fr2exa1d1bVJV9W+U5bt+zssdtGebv303imhV4fjbRyq4PywirbTXUXwNaVjHu/l4cqxyvKaOK8eT1G+qvPd2E3XlN3V0x3Q1IULIQqzGfzE0n4dkH2rDX5Lm/YXRaJFw37/Ql/zH5EwAA//8BAAD//3YkSOK+BQAA" | base64 -d | gzip -d > conf/kube_env.yaml download-release echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/compress/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/compress/data/aws_s3_object_cluster-completed.spec_content index 56b3e867ef..b349bb4e06 100644 --- a/tests/integration/update_cluster/compress/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/compress/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: compress.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: compress.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 32b0aac15b..d399a03535 100644 --- a/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-bootstrap_content b/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-bootstrap_content index 84c500cbcd..0d26526ff6 100644 --- a/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: b92122b7cb0f950d70e8fed8eb1e686ee62f92dd02a359fdbcf49cdaf1a1e718 + manifestHash: 675d5b2b967ee5b133673810b2e100de9bb4eb2f71245b7cfb63a5b0ababaef5 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: ca6e8220c2c6a1d783eb82a73acb44f1b1217295a4300a3c5d59420e5b27daf5 + manifestHash: 64daeefa90d1765aab82d7d6d18b4505470fd26195eaddcb2214061e8f6b8bed name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 60beff7dea..53977fc869 100644 --- a/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/compress/data/aws_s3_object_compress.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 187f3ba9db..7d46aff06f 100644 --- a/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: compress.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/compress.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/compress.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-nodes_content index 381bbf51d2..375aaf5120 100644 --- a/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/compress/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/compress/in-v1alpha2.yaml b/tests/integration/update_cluster/compress/in-v1alpha2.yaml index 5d594d6968..465453ad5d 100644 --- a/tests/integration/update_cluster/compress/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/compress/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.compress.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/compress/kubernetes.tf b/tests/integration/update_cluster/compress/kubernetes.tf index d8bebc7c3f..18c46d7bdc 100644 --- a/tests/integration/update_cluster/compress/kubernetes.tf +++ b/tests/integration/update_cluster/compress/kubernetes.tf @@ -409,7 +409,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-compress-example-com" http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -490,7 +490,7 @@ resource "aws_launch_template" "nodes-compress-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data b/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data index 5fc68c4525..d6da57f0f4 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data +++ b/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: containerd.example.com ConfigBase: memfs://clusters.example.com/containerd.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: kpe8YTTVpxXn3WbTrJD51Bx9uWmtf8rHAB3mELryCtk= +NodeupConfigHash: Fk0Z0LX4F97yxFclNpjCZ4Q/kfs3PZDFzZrW1bdsgBc= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_nodes.containerd.example.com_user_data b/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_nodes.containerd.example.com_user_data index 4a35938eca..a6d0cd2641 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_nodes.containerd.example.com_user_data +++ b/tests/integration/update_cluster/containerd-custom/data/aws_launch_template_nodes.containerd.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.containerd.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: hTzhctgyEwYBENFX+168zIbaUI9aLdGx2FSp+4u75RU= +NodeupConfigHash: /CFSyohFA0EcUoZIwMS/ZW3E2+JOFD4/fIZjrO5qZc4= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_cluster-completed.spec_content index dcac79dd07..3612d9d9d0 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: containerd.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -35,9 +35,9 @@ spec: docker.io: - https://registry-1.docker.io runc: - version: 1.1.5 + version: 1.1.14 skipInstall: true - version: 1.6.20 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -86,10 +86,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -115,10 +112,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: containerd.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -140,13 +134,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -159,9 +150,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -172,7 +160,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -182,9 +170,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 17d93e234a..73b6979e02 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-bootstrap_content b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-bootstrap_content index c9c5412cea..95f899736c 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: e3f8c9578b80de05a1afa561201c9ed2588380c3383708ad51d84edcfed5fb6e + manifestHash: 8dc45870ed3d29af43c3dee1d64202ff3e39950ba4481afb6eaa7cdf6c00e9f9 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3e43bde29ecc7fbfa6175dd8f1269afb778b80023f24f8d4ef0a7e170d5a1987 + manifestHash: b287966b61b338807b247e3a65ee78a87c9e735789a5620280603e735d8dd021 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 796c3017ea..c97d427dd9 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index a4748649de..60a3372539 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,16 +56,18 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 - 9d842e3636a95de2315cdea2be7a282355aac0658ef0b86d5dc2449066538f13@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-arm64 @@ -233,19 +232,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: containerd.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -276,7 +269,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -287,9 +280,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -304,7 +294,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -325,9 +315,9 @@ containerdConfig: docker.io: - https://registry-1.docker.io runc: - version: 1.1.5 + version: 1.1.14 skipInstall: true - version: 1.6.20 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/containerd.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/containerd.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-nodes_content index 61e9a1cbc1..f168d8463b 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/containerd-custom/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,13 +1,15 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} ClusterName: containerd.example.com @@ -20,7 +22,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -31,9 +33,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -44,7 +43,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -60,8 +59,8 @@ containerdConfig: docker.io: - https://registry-1.docker.io runc: - version: 1.1.5 + version: 1.1.14 skipInstall: true - version: 1.6.20 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/containerd-custom/in-v1alpha2.yaml b/tests/integration/update_cluster/containerd-custom/in-v1alpha2.yaml index 47265a3d2f..bc49c6a3ba 100644 --- a/tests/integration/update_cluster/containerd-custom/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/containerd-custom/in-v1alpha2.yaml @@ -32,7 +32,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.containerd.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/containerd-custom/kubernetes.tf b/tests/integration/update_cluster/containerd-custom/kubernetes.tf index 93c340843b..f03b72e480 100644 --- a/tests/integration/update_cluster/containerd-custom/kubernetes.tf +++ b/tests/integration/update_cluster/containerd-custom/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-containerd-example-com http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-containerd-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/containerd/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data b/tests/integration/update_cluster/containerd/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data index 2aa7b014f8..157fa2b090 100644 --- a/tests/integration/update_cluster/containerd/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data +++ b/tests/integration/update_cluster/containerd/data/aws_launch_template_master-us-test-1a.masters.containerd.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: containerd.example.com ConfigBase: memfs://clusters.example.com/containerd.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: hiw+6M2NNFGZnFHsU4jfB7w+3LQfcvenbBNjv279MpM= +NodeupConfigHash: y5Txw+9oWz0Z5eJghIX0Vu87y5w4vxfFF+G8KD0EOeY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/containerd/data/aws_launch_template_nodes.containerd.example.com_user_data b/tests/integration/update_cluster/containerd/data/aws_launch_template_nodes.containerd.example.com_user_data index 5c910a5cf8..71fa11b9d2 100644 --- a/tests/integration/update_cluster/containerd/data/aws_launch_template_nodes.containerd.example.com_user_data +++ b/tests/integration/update_cluster/containerd/data/aws_launch_template_nodes.containerd.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.containerd.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: xOxs5o6qwTTLWWpkWpw6WIvfClv4JpWeZRvyXjvGSlw= +NodeupConfigHash: BGSYI0zevZfhljdty6pSD7jGigImvKiwX9TAIXDZ2e4= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/containerd/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/containerd/data/aws_s3_object_cluster-completed.spec_content index f96bc35cca..92f93dc39f 100644 --- a/tests/integration/update_cluster/containerd/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/containerd/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: containerd.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: containerd.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 17d93e234a..73b6979e02 100644 --- a/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-bootstrap_content b/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-bootstrap_content index c9c5412cea..95f899736c 100644 --- a/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: e3f8c9578b80de05a1afa561201c9ed2588380c3383708ad51d84edcfed5fb6e + manifestHash: 8dc45870ed3d29af43c3dee1d64202ff3e39950ba4481afb6eaa7cdf6c00e9f9 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3e43bde29ecc7fbfa6175dd8f1269afb778b80023f24f8d4ef0a7e170d5a1987 + manifestHash: b287966b61b338807b247e3a65ee78a87c9e735789a5620280603e735d8dd021 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 796c3017ea..c97d427dd9 100644 --- a/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/containerd/data/aws_s3_object_containerd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index ff9092b8c0..38cce43c33 100644 --- a/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: containerd.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/containerd.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/containerd.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-nodes_content index c204b6d9a1..54b848c960 100644 --- a/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/containerd/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/containerd/in-v1alpha2.yaml b/tests/integration/update_cluster/containerd/in-v1alpha2.yaml index 4885fe0ebf..c6ec4968c4 100644 --- a/tests/integration/update_cluster/containerd/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/containerd/in-v1alpha2.yaml @@ -22,7 +22,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.containerd.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/containerd/kubernetes.tf b/tests/integration/update_cluster/containerd/kubernetes.tf index 93c340843b..f03b72e480 100644 --- a/tests/integration/update_cluster/containerd/kubernetes.tf +++ b/tests/integration/update_cluster/containerd/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-containerd-example-com http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-containerd-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/digit/data/aws_launch_template_master-us-test-1a.masters.123.example.com_user_data b/tests/integration/update_cluster/digit/data/aws_launch_template_master-us-test-1a.masters.123.example.com_user_data index c3c91eac03..6557a485af 100644 --- a/tests/integration/update_cluster/digit/data/aws_launch_template_master-us-test-1a.masters.123.example.com_user_data +++ b/tests/integration/update_cluster/digit/data/aws_launch_template_master-us-test-1a.masters.123.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: 123.example.com ConfigBase: memfs://clusters.example.com/123.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 95PJjSO3CGrmQ/HQID24bLCCe81QSyzJEhqC6cHtiXk= +NodeupConfigHash: MZRNfoINx9Nrlf5N/qCkWQILVXPxcMw4MwGtg9nxoGE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/digit/data/aws_launch_template_nodes.123.example.com_user_data b/tests/integration/update_cluster/digit/data/aws_launch_template_nodes.123.example.com_user_data index 7e357a1824..a7ea8fe703 100644 --- a/tests/integration/update_cluster/digit/data/aws_launch_template_nodes.123.example.com_user_data +++ b/tests/integration/update_cluster/digit/data/aws_launch_template_nodes.123.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.123.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: aOX5nAbRyHetP0h7sBDoM6qnL1gQK82EendRvLp/b/w= +NodeupConfigHash: +FlZZS/WtbHs4o24n2ckGmwSp/4rvrhie0ys4kuBeHs= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index e7b85ee440..22dd2e680a 100644 --- a/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-bootstrap_content b/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-bootstrap_content index eaa7b10938..fc30f17bcb 100644 --- a/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 4ef72e9dcf72c1003d36b820eefbe31b683f6bd05b8bf86e3ee6738d16641ad5 + manifestHash: 97fd321be3f88b559bcfb11c7758731490e03dd0ec8ebd1cefdb6f01e3694d96 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 92bec712a6ac27647d81a27c7adf8d9d1087bd2c1a073252f35d33d38263a167 + manifestHash: 952de454a0bcfa3df79dc5033e7147143d8041fe6288dddca5952815d739911b name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index a963dd45aa..f1154b02d7 100644 --- a/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/digit/data/aws_s3_object_123.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/digit/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/digit/data/aws_s3_object_cluster-completed.spec_content index 0b8a3781b6..6bb4ea9127 100644 --- a/tests/integration/update_cluster/digit/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/digit/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: 123.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -99,10 +99,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -128,10 +125,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: 123.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -153,13 +147,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -172,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -185,7 +173,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -195,9 +183,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index ad0b281eef..5e5ba6dbc9 100644 --- a/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: 123.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/123.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/123.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-nodes_content index cabde62cf6..093670cd37 100644 --- a/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/digit/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/digit/in-v1alpha2.yaml b/tests/integration/update_cluster/digit/in-v1alpha2.yaml index 8ecb21f35e..447b1773b8 100644 --- a/tests/integration/update_cluster/digit/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/digit/in-v1alpha2.yaml @@ -43,7 +43,7 @@ spec: ] kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.123.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/digit/kubernetes.tf b/tests/integration/update_cluster/digit/kubernetes.tf index 31b8114956..46b4f95e9a 100644 --- a/tests/integration/update_cluster/digit/kubernetes.tf +++ b/tests/integration/update_cluster/digit/kubernetes.tf @@ -496,7 +496,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-123-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -578,7 +578,7 @@ resource "aws_launch_template" "nodes-123-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data index ec35ec1b3f..b70d99c3c7 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: existing-iam.example.com ConfigBase: memfs://tests/existing-iam.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: u86xTIyexBtvuyd47DysOCsHJSGhsK4QQ34GRBg9DpA= +NodeupConfigHash: 9zXGp9TDdaSxVixdPZzSu0Gb8kTYNZsnuNumRGFkOeg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data index ec9717129d..432768d379 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: existing-iam.example.com ConfigBase: memfs://tests/existing-iam.example.com InstanceGroupName: master-us-test-1b InstanceGroupRole: ControlPlane -NodeupConfigHash: rmNSr60VPHM4QN2vhVv2agHesoCUx4CjE1fHSJr2Lhk= +NodeupConfigHash: fcEASE9IMIxhGut8r+xlRkR0Ig3HXRuUOtAbnJfdMbE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data index 4ff28b692c..fc20d1b378 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: existing-iam.example.com ConfigBase: memfs://tests/existing-iam.example.com InstanceGroupName: master-us-test-1c InstanceGroupRole: ControlPlane -NodeupConfigHash: sQ+r8F6nuXkvj8T+tlzLT3oGeMV5UwJQixw1kHiwmo8= +NodeupConfigHash: ITwUZGEq2egFFab8U1GLxS3NRM0cK5+xi2Rh3wdgEfU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_nodes.existing-iam.example.com_user_data b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_nodes.existing-iam.example.com_user_data index aa5d058521..afc578f0f6 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_launch_template_nodes.existing-iam.example.com_user_data +++ b/tests/integration/update_cluster/existing_iam/data/aws_launch_template_nodes.existing-iam.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.existing-iam.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: iU/r1fYKN7jkZu/xmLM7kZjGynyX1JNGYRHtZOKKhi8= +NodeupConfigHash: iQHZqUcsEQax9u9VDo7GrCLd9AZ7g3UUB3LQOm5aBGY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_cluster-completed.spec_content index da77333a79..5fd2cb92b5 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: existing-iam.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -85,10 +85,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -114,10 +111,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: existing-iam.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -139,13 +133,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -158,9 +149,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 0990bab166..8dbc96f02e 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-bootstrap_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-bootstrap_content index 7702a2c7f0..ea43d91e65 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d0d3f655eb1fd7ae7c57a697f4204dac9864e6c24c849d9b745213f24071a435 + manifestHash: 7c2b8c178485f121eea63180d22d0e2a257989a68bf3ef10298dc808eb439b95 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 097730fc2debd4a7b838f6a139b692dd267c75dc96c716ed85c72731a77eecfa + manifestHash: 3276348a558c4f0ca6b15792770af74674eda55e863e90434470cd08c5dc9ff0 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 5433a29b76..da1f45a737 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_existing-iam.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 69d4573d15..e1261f012c 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: existing-iam.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/existing-iam.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://tests/existing-iam.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1b_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1b_content index 94b94e914c..1312de9469 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1b_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1b_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: existing-iam.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/existing-iam.example.com/manifests/etcd/main-master-us-test-1b.yaml - memfs://tests/existing-iam.example.com/manifests/etcd/events-master-us-test-1b.yaml diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1c_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1c_content index e7892cce26..f540e064ab 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1c_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-master-us-test-1c_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: existing-iam.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/existing-iam.example.com/manifests/etcd/main-master-us-test-1c.yaml - memfs://tests/existing-iam.example.com/manifests/etcd/events-master-us-test-1c.yaml diff --git a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-nodes_content index a43a20c5f9..96c57c6eb5 100644 --- a/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/existing_iam/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/existing_iam/in-v1alpha2.yaml b/tests/integration/update_cluster/existing_iam/in-v1alpha2.yaml index 5ccbad24cd..5e8649d220 100644 --- a/tests/integration/update_cluster/existing_iam/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/existing_iam/in-v1alpha2.yaml @@ -31,7 +31,7 @@ spec: anonymousAuth: false kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.existing-iam.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/existing_iam/kubernetes.tf b/tests/integration/update_cluster/existing_iam/kubernetes.tf index 45818fe25c..9285a014fb 100644 --- a/tests/integration/update_cluster/existing_iam/kubernetes.tf +++ b/tests/integration/update_cluster/existing_iam/kubernetes.tf @@ -572,7 +572,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-existing-iam-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -658,7 +658,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-existing-iam-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -744,7 +744,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-existing-iam-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -826,7 +826,7 @@ resource "aws_launch_template" "nodes-existing-iam-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data index d1774fc19f..ab20317f29 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: existingsg.example.com ConfigBase: memfs://clusters.example.com/existingsg.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ICdjxZrIVr68jzZXOtTqFSYwQwhDPg3GrXWchsSFctw= +NodeupConfigHash: hTCzKngvsHFZhel+r7eSUn1kepx6RYyGZUuAyKTBHZY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data index 606455f8d7..67d1799cf4 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: existingsg.example.com ConfigBase: memfs://clusters.example.com/existingsg.example.com InstanceGroupName: master-us-test-1b InstanceGroupRole: ControlPlane -NodeupConfigHash: idFFl4fjaqAO14k8DnVbhPMTCUpatGJojbRhhspOEVs= +NodeupConfigHash: Ye94ZtvwW3+dNLI5AmLV0TkSjseeouZHWa5jvnuiAok= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data index 3f91d23898..cd7e19c6a3 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: existingsg.example.com ConfigBase: memfs://clusters.example.com/existingsg.example.com InstanceGroupName: master-us-test-1c InstanceGroupRole: ControlPlane -NodeupConfigHash: XgMBw88ZVFMLkKu6oxQenbGzOIMRngJVCvir0tUHhbQ= +NodeupConfigHash: BxcHXsz22Y3Ef27QbinI3L9zrf3EQBm8Hqc7pDUQZEA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_nodes.existingsg.example.com_user_data b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_nodes.existingsg.example.com_user_data index 68cc790925..bba8a547d4 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_launch_template_nodes.existingsg.example.com_user_data +++ b/tests/integration/update_cluster/existing_sg/data/aws_launch_template_nodes.existingsg.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.existingsg.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: K5+mTeoXPRLuy3jHWMKTkOCqNEsF3nonD71OjBR0W44= +NodeupConfigHash: DVcmZ3dGxI89AKvVrvZtOT3beuMqojFOOankBQtILq8= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_cluster-completed.spec_content index 942d890b4f..738a39eeba 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_cluster-completed.spec_content @@ -21,7 +21,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: existingsg.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -30,8 +30,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -88,10 +88,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -117,10 +114,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: existingsg.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -142,13 +136,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -161,9 +152,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -174,7 +162,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -184,9 +172,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 2c84048517..c2f0987e37 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-bootstrap_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-bootstrap_content index bb53abdf12..0da6e5608c 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: e9e70138100b93ba52bd7cc60f86cb1aa011b13e86881a52af0ab1d02cf210c6 + manifestHash: c84fce0d1b3be7d5dba30a817aa3c79abd854b26172b6595223331dcf3927a51 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: c79a5710aeff701677dd1a97609e03ea4abc040c28ed46a944bd799f4a68a0a8 + manifestHash: 9e1e695cd4a4f7c6f39a15c7b49b590b36305a4324d9adb481f9e384a753131f name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 1d085686e4..b52923d0e3 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_existingsg.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 4a7dd0df98..f51bc4e083 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: existingsg.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/existingsg.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/existingsg.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1b_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1b_content index 8a32a4b871..15137ddaa3 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1b_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1b_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: existingsg.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/existingsg.example.com/manifests/etcd/main-master-us-test-1b.yaml - memfs://clusters.example.com/existingsg.example.com/manifests/etcd/events-master-us-test-1b.yaml diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1c_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1c_content index 5cea523342..06032742b6 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1c_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-master-us-test-1c_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: existingsg.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/existingsg.example.com/manifests/etcd/main-master-us-test-1c.yaml - memfs://clusters.example.com/existingsg.example.com/manifests/etcd/events-master-us-test-1c.yaml diff --git a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-nodes_content index c420f537c5..7b3608d400 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/existing_sg/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/existing_sg/in-v1alpha2.yaml b/tests/integration/update_cluster/existing_sg/in-v1alpha2.yaml index 373801210e..91b36bd078 100644 --- a/tests/integration/update_cluster/existing_sg/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/existing_sg/in-v1alpha2.yaml @@ -32,7 +32,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.existingsg.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/existing_sg/kubernetes.tf b/tests/integration/update_cluster/existing_sg/kubernetes.tf index 706bf2574e..1774bdb037 100644 --- a/tests/integration/update_cluster/existing_sg/kubernetes.tf +++ b/tests/integration/update_cluster/existing_sg/kubernetes.tf @@ -675,7 +675,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-existingsg-example-com http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -761,7 +761,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-existingsg-example-com http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -847,7 +847,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-existingsg-example-com http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -929,7 +929,7 @@ resource "aws_launch_template" "nodes-existingsg-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/external_dns/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/external_dns/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 1f0b3cef24..5edf11700e 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/external_dns/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: Arj9CPYPT79nVe1Uju7SKarwPhrwxdpEn3bezaNlNUo= +NodeupConfigHash: u7Gr0XwgMUCmXNEG29SnW1+ljmUinf8gdvYeTKvzNFA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/external_dns/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/external_dns/data/aws_launch_template_nodes.minimal.example.com_user_data index e6a1bb07bc..26c4acec16 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/external_dns/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 8CZ7yLVzS//HUyyG0tIMtQkPj8eMl/QL1MNtZRcEDDE= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/external_dns/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/external_dns/data/aws_s3_object_cluster-completed.spec_content index 2bbc6f112d..ccdc11bfd6 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/external_dns/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daa..adc407bc80 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 127c779aa8..9a86a8d11a 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510..4aa1194f1e 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/external_dns/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index e45b55f9ac..1b8293d4ee 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-nodes_content index 3b68234cbd..da75b50a11 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/external_dns/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/external_dns/in-v1alpha2.yaml b/tests/integration/update_cluster/external_dns/in-v1alpha2.yaml index c4604d1ebf..81fce2f7f7 100644 --- a/tests/integration/update_cluster/external_dns/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/external_dns/in-v1alpha2.yaml @@ -23,7 +23,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/external_dns/kubernetes.tf b/tests/integration/update_cluster/external_dns/kubernetes.tf index 2779e3b0c6..6f54ecaa8a 100644 --- a/tests/integration/update_cluster/external_dns/kubernetes.tf +++ b/tests/integration/update_cluster/external_dns/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index ef16068ce7..a7e5ee4cd8 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 7eHYq2LK1E2ckFYz8iTZKhMiwyKE9zZ4N9Iijh0av/c= +NodeupConfigHash: W8NFX6KK30qwqKrWITT68BWrONeCqODCE+WyT5XaCtg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_nodes.minimal.example.com_user_data index e6a1bb07bc..26c4acec16 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 8CZ7yLVzS//HUyyG0tIMtQkPj8eMl/QL1MNtZRcEDDE= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_cluster-completed.spec_content index 09f19a3f11..9046bd2ceb 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -78,10 +78,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -107,10 +104,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -132,13 +126,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -151,9 +142,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -164,7 +152,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -174,9 +162,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 2428e49a08..4266ad0f06 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -48,7 +48,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 53ca7c3b6e..fc6e56d0a8 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 156782e82a0be1accfe863bf7f7552f7deb1982820356c5f6cbc8947cc34d530 + manifestHash: 4a3f87c3d96f6fd9fc43032c2b6f52135fabc91bec8e421df4b59e81325b0e68 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510..4aa1194f1e 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index b5ef4fade7..54a6828c9d 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-nodes_content index 3b68234cbd..da75b50a11 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/external_dns_irsa/in-v1alpha2.yaml b/tests/integration/update_cluster/external_dns_irsa/in-v1alpha2.yaml index fb979744bf..2e39ecc1e4 100644 --- a/tests/integration/update_cluster/external_dns_irsa/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/external_dns_irsa/in-v1alpha2.yaml @@ -24,7 +24,7 @@ spec: useServiceAccountExternalPermissions: true kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/external_dns_irsa/kubernetes.tf b/tests/integration/update_cluster/external_dns_irsa/kubernetes.tf index 43ab2fc4eb..90b3a8630f 100644 --- a/tests/integration/update_cluster/external_dns_irsa/kubernetes.tf +++ b/tests/integration/update_cluster/external_dns_irsa/kubernetes.tf @@ -553,7 +553,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -635,7 +635,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data b/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data index f31aa90038..f6325b1515 100644 --- a/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data +++ b/tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: externallb.example.com ConfigBase: memfs://clusters.example.com/externallb.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: sKPCXRg8rW45b5xY/U/wYx32kzi/JiPBozxFb5/osG4= +NodeupConfigHash: mpuGpuqHnMxqUagcAZtJOuCcYKqb08jANg7HzR3FjxM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/externallb/data/aws_launch_template_nodes.externallb.example.com_user_data b/tests/integration/update_cluster/externallb/data/aws_launch_template_nodes.externallb.example.com_user_data index 730f2b38bb..87db82315d 100644 --- a/tests/integration/update_cluster/externallb/data/aws_launch_template_nodes.externallb.example.com_user_data +++ b/tests/integration/update_cluster/externallb/data/aws_launch_template_nodes.externallb.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.externallb.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: MPu8JszFdqU/JAAKeVVua8kgtZRRXPULCS1vdOo6xfw= +NodeupConfigHash: 5PAjJjkqRAbpDlUSYAWVqRDwGjPSWxxGieRqQDz334U= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/externallb/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/externallb/data/aws_s3_object_cluster-completed.spec_content index a8f65ce01f..19354631fb 100644 --- a/tests/integration/update_cluster/externallb/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/externallb/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: externallb.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: externallb.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index c83a40b4b7..d9d7d88871 100644 --- a/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-bootstrap_content b/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-bootstrap_content index a4dc6338b1..06dbcdc4a2 100644 --- a/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 7702864fb9b93cb6d31cad64beea4e759e54a85ab537e298c7b0dd19abd429e7 + manifestHash: 2be25c0967747ded555228a19d643bca64f1519a28e27a4fca2ab6570297767e name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3c267d62e3ee9624f0f2bbcc1fcc0b464069856137d3ce1fe5147b415f9f376f + manifestHash: b74d9e391a0c063476c6c98f641eaeacc2cb2c4a4db77b7e27449929820cdacd name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index f4151252aa..0b26ef4f0f 100644 --- a/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/externallb/data/aws_s3_object_externallb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 315167b190..b72f014ae6 100644 --- a/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: externallb.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/externallb.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/externallb.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-nodes_content index 1a0ccd0063..75d268ee42 100644 --- a/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/externallb/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/externallb/in-v1alpha2.yaml b/tests/integration/update_cluster/externallb/in-v1alpha2.yaml index fc3cee67b6..b0a594f2cd 100644 --- a/tests/integration/update_cluster/externallb/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/externallb/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.externallb.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/externallb/kubernetes.tf b/tests/integration/update_cluster/externallb/kubernetes.tf index 29e3c0ab8d..8716480764 100644 --- a/tests/integration/update_cluster/externallb/kubernetes.tf +++ b/tests/integration/update_cluster/externallb/kubernetes.tf @@ -424,7 +424,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-externallb-example-com http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -506,7 +506,7 @@ resource "aws_launch_template" "nodes-externallb-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data index d6eb31e387..a9598d81a8 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data +++ b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: externalpolicies.example.com ConfigBase: memfs://clusters.example.com/externalpolicies.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: WNeE2nmO7nfvvXbn3ZiIrqytPPsSNY3Zk8A+DSnuCl4= +NodeupConfigHash: zPjN9DAMzZNL8AKaLuKcd7xMWQGDBSWI3Ttva2pzTAI= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_nodes.externalpolicies.example.com_user_data b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_nodes.externalpolicies.example.com_user_data index 9e70752f6f..308c74d30f 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_nodes.externalpolicies.example.com_user_data +++ b/tests/integration/update_cluster/externalpolicies/data/aws_launch_template_nodes.externalpolicies.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.externalpolicies.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: OtfMRLXfdxwQmbtF5Xph6i0U5baqhcZrPzmK/AH38E4= +NodeupConfigHash: 8HWB6dcUV5F+agsCBEmTyCxhpgpaUXkz2M0r4UJaNWY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_cluster-completed.spec_content index 409af05567..1d620953d0 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_cluster-completed.spec_content @@ -23,7 +23,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: externalpolicies.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudLabels: @@ -35,8 +35,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -93,10 +93,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -123,10 +120,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: externalpolicies.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -148,13 +142,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -167,9 +158,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -180,7 +168,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -190,9 +178,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 59e898a35e..84b8ea1722 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-bootstrap_content b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-bootstrap_content index 306dca1b2e..5e5493e631 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 98bf6993eb5637cd1fb1c05a921eeca94de3c844737ac309ee00c3ba262746a4 + manifestHash: e9ef976dbcb885a7d76997b277529ed21f97005b889b94ba6c5ffb3b84f2acf1 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: c44d66758862980fcef80da7353e7c892db81a67f7317fce0c8457c5a73d9f09 + manifestHash: 44f77f314b679ce3ab9bffa05492cbdd02c3f6b9bbc86e8b64d22d14371e4887 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index e89b728133..974c01bac6 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_externalpolicies.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 386bf654e8..db1f582636 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -60,21 +57,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -240,19 +239,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: externalpolicies.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -283,7 +276,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -294,9 +287,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -311,7 +301,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -325,8 +315,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/externalpolicies.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/externalpolicies.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-nodes_content index 93b3747a03..dab7cd7618 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/externalpolicies/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -59,7 +58,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/externalpolicies/in-v1alpha2.yaml b/tests/integration/update_cluster/externalpolicies/in-v1alpha2.yaml index dbef9b48fd..063a42c063 100644 --- a/tests/integration/update_cluster/externalpolicies/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/externalpolicies/in-v1alpha2.yaml @@ -33,7 +33,7 @@ spec: auditWebhookBatchThrottleQps: 3.14 kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.externalpolicies.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/externalpolicies/kubernetes.tf b/tests/integration/update_cluster/externalpolicies/kubernetes.tf index d5d1d191d8..0c5f26ca82 100644 --- a/tests/integration/update_cluster/externalpolicies/kubernetes.tf +++ b/tests/integration/update_cluster/externalpolicies/kubernetes.tf @@ -506,7 +506,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-externalpolicies-examp http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -594,7 +594,7 @@ resource "aws_launch_template" "nodes-externalpolicies-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = true diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data index 390fec9417..b39aa2667b 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: ha.example.com ConfigBase: memfs://tests/ha.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: EzSpxxRLzWtK+CbGfDPI4vxzNcHx0PcuB//B7bDqNDE= +NodeupConfigHash: cQJkf48Er7RhgMKJ00PxgeLzOOnoVnduhT49MU/FJT0= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data index 0444dafbdb..9050191a2f 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1b.masters.ha.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: ha.example.com ConfigBase: memfs://tests/ha.example.com InstanceGroupName: master-us-test-1b InstanceGroupRole: ControlPlane -NodeupConfigHash: ZTYbGGnIdTitKLmjPFN1lsRwwIf2+PTdTXxQaD4+LRc= +NodeupConfigHash: RAtSaINio1LthAUuE+3n6JVXSzgAsrKltV9xlD5EIqQ= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data index 4c006d76ad..5ec28090cb 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1c.masters.ha.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: ha.example.com ConfigBase: memfs://tests/ha.example.com InstanceGroupName: master-us-test-1c InstanceGroupRole: ControlPlane -NodeupConfigHash: HA1a6rZR7IvYHsGnKf0B9/bTwCW/EayNTFIIL53tQwk= +NodeupConfigHash: W6rMDBmED7Dmbdz4JX+kUF+/vMdP5xu/qy8bxs4Y0tY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha/data/aws_launch_template_nodes.ha.example.com_user_data b/tests/integration/update_cluster/ha/data/aws_launch_template_nodes.ha.example.com_user_data index 6cf5f3401e..b23b0bcc0f 100644 --- a/tests/integration/update_cluster/ha/data/aws_launch_template_nodes.ha.example.com_user_data +++ b/tests/integration/update_cluster/ha/data/aws_launch_template_nodes.ha.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.ha.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: NGrM/RooWL4bH8+59gljwPe9ZqiNUG/RlXjolz8mYR0= +NodeupConfigHash: DT/rKNMmea0qA8ToqS6Ewrbsk+rn5JEEVlFF0YH4dYw= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/ha/data/aws_s3_object_cluster-completed.spec_content index 66faa6f69a..039d934311 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: ha.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -85,10 +85,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -114,10 +111,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: ha.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -139,13 +133,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -158,9 +149,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 03ff1d8e9f..aa99fdc3ca 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-bootstrap_content b/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-bootstrap_content index 1d49e2c7ad..96c969945b 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: a75bd64e71564e800ddc37239eb21d29648aa5e823a68f188576aede4f3d2486 + manifestHash: d4ddb4783b06f20dc94c0b4e2831589b28b68b63105622ef2a6dca823f7f31ad name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 6c1ebf0302eeb4b0e9dddb8038970e4439247b30270617326530fb2cb89016b9 + manifestHash: 89ce618efe06faf4d7129435593d2ad826d346281a6b1cc3527d7c7fca292ed5 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index a1424f31aa..9df33ea5fe 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_ha.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 2e71c9519f..ea211abebd 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: ha.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/ha.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://tests/ha.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1b_content b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1b_content index 691f6bc9ab..909111ffad 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1b_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1b_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: ha.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/ha.example.com/manifests/etcd/main-master-us-test-1b.yaml - memfs://tests/ha.example.com/manifests/etcd/events-master-us-test-1b.yaml diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1c_content b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1c_content index 78abbea092..18cd4d75ec 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1c_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-master-us-test-1c_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: ha.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/ha.example.com/manifests/etcd/main-master-us-test-1c.yaml - memfs://tests/ha.example.com/manifests/etcd/events-master-us-test-1c.yaml diff --git a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-nodes_content index 6342721e2c..83ed7c7309 100644 --- a/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/ha/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/ha/in-v1alpha2.yaml b/tests/integration/update_cluster/ha/in-v1alpha2.yaml index 28dee20550..186d4e32e8 100644 --- a/tests/integration/update_cluster/ha/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/ha/in-v1alpha2.yaml @@ -31,7 +31,7 @@ spec: anonymousAuth: false kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.ha.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/ha/kubernetes.tf b/tests/integration/update_cluster/ha/kubernetes.tf index 4142e237d6..cb4ca62dd0 100644 --- a/tests/integration/update_cluster/ha/kubernetes.tf +++ b/tests/integration/update_cluster/ha/kubernetes.tf @@ -644,7 +644,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-ha-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -730,7 +730,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-ha-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -816,7 +816,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-ha-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -898,7 +898,7 @@ resource "aws_launch_template" "nodes-ha-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_cluster-completed.spec_content index 014c64bcac..d8f6406a3b 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_cluster-completed.spec_content @@ -32,8 +32,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -94,7 +94,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -120,7 +120,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: ha-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -142,10 +142,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -170,7 +170,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-bootstrap_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-bootstrap_content index e84db611d8..a2363737fc 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 271ef5c3504ca02dc202a802e01d5013daab731ffe1f021254d1679eb5615ef9 + manifestHash: 457f69c307d16dda4de136ab9eac6d74966928eb658f04661dfda267306c7c03 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 002dac69385a975a8a2c4182981033e05880031c179dd1459ee569076cdce654 diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 4b608ca575..08b75cdf86 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb88..0000000000 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_ha-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index 4718787ac4..c5537d3ac6 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -26,7 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -56,23 +56,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,13 +240,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: ha-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/ha-gce.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/ha-gce.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-b_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-b_content index 2ef0f07346..b62b8cee00 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-b_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-b_content @@ -26,7 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -56,23 +56,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,13 +240,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: ha-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/ha-gce.example.com/manifests/etcd/main-master-us-test1-b.yaml - memfs://tests/ha-gce.example.com/manifests/etcd/events-master-us-test1-b.yaml diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-c_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-c_content index e05ff6dfb5..80be1565ff 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-c_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-master-us-test1-c_content @@ -26,7 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -56,23 +56,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,13 +240,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: ha-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/ha-gce.example.com/manifests/etcd/main-master-us-test1-c.yaml - memfs://tests/ha-gce.example.com/manifests/etcd/events-master-us-test1-c.yaml diff --git a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-nodes_content index aa8046d0fe..6cf6e332f7 100644 --- a/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/ha_gce/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: ha-gce-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_user-data b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_user-data index 20494da436..f015b4dc05 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: ha-gce.example.com ConfigBase: memfs://tests/ha-gce.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: iaC3YRyrpaqRGZoKq/evZi13FpDe5TE80WMSe0oiLGo= +NodeupConfigHash: 7PNwUsmybZ7/eXLy+qUhCJ6782nGgsrFaYw2BDQIQws= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_user-data b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_user-data index e5ca4a618a..d4abeca368 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: ha-gce.example.com ConfigBase: memfs://tests/ha-gce.example.com InstanceGroupName: master-us-test1-b InstanceGroupRole: ControlPlane -NodeupConfigHash: Ccz0pGhkAcbcB2swFhBjbP/I9g1iaxXifbYHltSWGBE= +NodeupConfigHash: gTE9O0dXuUSUvLEIoRFBG6TnwYIAUltlMIeOJZ5Fgs8= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_user-data b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_user-data index b08f6a7c9b..29971c9254 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: ha-gce.example.com ConfigBase: memfs://tests/ha-gce.example.com InstanceGroupName: master-us-test1-c InstanceGroupRole: ControlPlane -NodeupConfigHash: ANBxpXGickkt0KsGZvF2GjrCL7klXJcuEz7p/KLkyo0= +NodeupConfigHash: 25EQ7g5FcCcmr9PYgb7fUOCjIeV+KXidKv4tItli78o= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_user-data b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_user-data index 323ea152d0..604b6df0c8 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.ha-gce.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: qeQTOKt0hOOaYdUKV4uuU/tWbk77g7CZAyAVrqYwKmY= +NodeupConfigHash: TOl9HcykFXBuFNu7zWlixyvlejbroYxFJkYTzz5YNgs= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/ha_gce/in-v1alpha2.yaml b/tests/integration/update_cluster/ha_gce/in-v1alpha2.yaml index 8b9baa2621..578e76d3e5 100644 --- a/tests/integration/update_cluster/ha_gce/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/ha_gce/in-v1alpha2.yaml @@ -41,7 +41,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.ha-gce.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/ha_gce/kubernetes.tf b/tests/integration/update_cluster/ha_gce/kubernetes.tf index 40ff4a6445..93acd239a8 100644 --- a/tests/integration/update_cluster/ha_gce/kubernetes.tf +++ b/tests/integration/update_cluster/ha_gce/kubernetes.tf @@ -114,14 +114,6 @@ resource "aws_s3_object" "ha-gce-example-com-addons-limit-range-addons-k8s-io" { server_side_encryption = "AES256" } -resource "aws_s3_object" "ha-gce-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_ha-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/ha-gce.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "ha-gce-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_ha-gce.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index ef16068ce7..a7e5ee4cd8 100644 --- a/tests/integration/update_cluster/irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 7eHYq2LK1E2ckFYz8iTZKhMiwyKE9zZ4N9Iijh0av/c= +NodeupConfigHash: W8NFX6KK30qwqKrWITT68BWrONeCqODCE+WyT5XaCtg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/irsa/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/irsa/data/aws_launch_template_nodes.minimal.example.com_user_data index e6a1bb07bc..26c4acec16 100644 --- a/tests/integration/update_cluster/irsa/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/irsa/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 8CZ7yLVzS//HUyyG0tIMtQkPj8eMl/QL1MNtZRcEDDE= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_cluster-completed.spec_content index da3ba0353b..a0381939c6 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -106,10 +106,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -135,10 +132,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -160,13 +154,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -179,9 +170,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -192,7 +180,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -202,9 +190,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daa..adc407bc80 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 0b152f4462..f2c98a7ed7 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -163,7 +163,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510..4aa1194f1e 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index b5ef4fade7..54a6828c9d 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-nodes_content index 3b68234cbd..da75b50a11 100644 --- a/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/irsa/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/irsa/in-v1alpha2.yaml b/tests/integration/update_cluster/irsa/in-v1alpha2.yaml index fd97f6f917..edd24a014d 100644 --- a/tests/integration/update_cluster/irsa/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/irsa/in-v1alpha2.yaml @@ -50,7 +50,7 @@ spec: ] kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/irsa/kubernetes.tf b/tests/integration/update_cluster/irsa/kubernetes.tf index 112bb705f8..8359814bb8 100644 --- a/tests/integration/update_cluster/irsa/kubernetes.tf +++ b/tests/integration/update_cluster/irsa/kubernetes.tf @@ -523,7 +523,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -605,7 +605,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-default.minimal.example.com_user_data b/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-default.minimal.example.com_user_data index dc7defd1d2..96be6eb29a 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-default.minimal.example.com_user_data +++ b/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-default.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: karpenter-nodes-default InstanceGroupRole: Node -NodeupConfigHash: ThzoNo9Ktdabk+6L9GWga+JWV54y0W4sgJHyC0S9dQ4= +NodeupConfigHash: myDpVyw9F9Loqr3HZgRy0bq8s+galSbWbcNsisEQuZA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-single-machinetype.minimal.example.com_user_data b/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-single-machinetype.minimal.example.com_user_data index 18ca62e6cf..5dd48992cd 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-single-machinetype.minimal.example.com_user_data +++ b/tests/integration/update_cluster/karpenter/data/aws_launch_template_karpenter-nodes-single-machinetype.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: karpenter-nodes-single-machinetype InstanceGroupRole: Node -NodeupConfigHash: OZyPvkIjT8onFAjEwNUEf2haFcA3ScarJDKAq0bI2o4= +NodeupConfigHash: 2bRuHslaVUHA1FFCWCmMtg2IsLz+6dfd8EN1KHa1m7o= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/karpenter/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/karpenter/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index fa02d0a3a3..a7e5ee4cd8 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/karpenter/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 6QxBduIpSUWtdkR6H4KTFTIgcolfbWIOoJXTQSE5Gxw= +NodeupConfigHash: W8NFX6KK30qwqKrWITT68BWrONeCqODCE+WyT5XaCtg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/karpenter/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/karpenter/data/aws_launch_template_nodes.minimal.example.com_user_data index 3dc6021665..26c4acec16 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/karpenter/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: DgVcevdZDeKN4KKXD40vZtsZ6ADW2yQcl9DxNKFBefk= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_cluster-completed.spec_content index 2d1c8189d9..5d827482f4 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -86,10 +86,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -115,10 +112,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -140,13 +134,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -159,9 +150,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -172,7 +160,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -182,9 +170,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 35999cfd3b..4266ad0f06 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -48,7 +48,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 03355d6523..234dc009a7 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -106,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: be10a82bf6700fed6f6d802e94e4407481768da7c5e014e0635776a69b7972ef + manifestHash: 4a3f87c3d96f6fd9fc43032c2b6f52135fabc91bec8e421df4b59e81325b0e68 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510..4aa1194f1e 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd..0000000000 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-default_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-default_content index 03101100e6..c4da647f86 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-default_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-default_content @@ -1,18 +1,20 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeReserved: cpu: 500m memory: 1G @@ -58,7 +57,7 @@ KubeletConfig: systemReserved: cpu: 500m memory: 1G -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -66,7 +65,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-single-machinetype_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-single-machinetype_content index 107f9dbb13..23c4ae56b6 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-single-machinetype_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-karpenter-nodes-single-machinetype_content @@ -1,18 +1,20 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -51,7 +50,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -59,7 +58,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 9117fdb487..54a6828c9d 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-nodes_content index b0a63894bd..da75b50a11 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/karpenter/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/karpenter/in-v1alpha2.yaml b/tests/integration/update_cluster/karpenter/in-v1alpha2.yaml index c21d91061c..1c0c4b6d88 100644 --- a/tests/integration/update_cluster/karpenter/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/karpenter/in-v1alpha2.yaml @@ -27,7 +27,7 @@ spec: memoryLimit: 2Gi kubelet: anonymousAuth: false - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/karpenter/kubernetes.tf b/tests/integration/update_cluster/karpenter/kubernetes.tf index 4ebefd3b9d..e727e859df 100644 --- a/tests/integration/update_cluster/karpenter/kubernetes.tf +++ b/tests/integration/update_cluster/karpenter/kubernetes.tf @@ -576,7 +576,7 @@ resource "aws_launch_template" "karpenter-nodes-default-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -651,7 +651,7 @@ resource "aws_launch_template" "karpenter-nodes-single-machinetype-minimal-examp http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -731,7 +731,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -813,7 +813,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -1024,14 +1024,6 @@ resource "aws_s3_object" "minimal-example-com-addons-kubelet-api-rbac-addons-k8s server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/lifecycle_phases/in-v1alpha2.yaml b/tests/integration/update_cluster/lifecycle_phases/in-v1alpha2.yaml index b8654412ea..74caa264f9 100644 --- a/tests/integration/update_cluster/lifecycle_phases/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/lifecycle_phases/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.lifecyclephases.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 08f404efeb..3f69ffee7c 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: qeqe1ZpOLeenSmM8YqswgsyWRzNuWD4dU3Faf4p6MiU= +NodeupConfigHash: 1nicqRNjC4DpqbF3P95kThouWz7/N/8sMWPFtHzBTaM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_nodes.minimal.example.com_user_data index d07e053bbf..cba14213d9 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: NHK9Yo7WiTTs4Qyubod93kDSK9juC3Eohviy4hytfEA= +NodeupConfigHash: ZM27eswIGASeycbkw13naZ3DO3MVAltzBMqxGoYg4uQ= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_cluster-completed.spec_content index 2a336e3a98..4b715a4464 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_cluster-completed.spec_content @@ -23,7 +23,7 @@ spec: clusterCIDR: 172.20.128.0/17 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -34,7 +34,7 @@ spec: enabled: true expander: random ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 maxNodeProvisionTime: 15m0s newPodScaleUpDelay: 0s scaleDownDelayAfterAdd: 10m0s @@ -49,8 +49,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -101,10 +101,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -130,10 +127,7 @@ spec: clusterCIDR: 172.20.128.0/17 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -154,13 +148,10 @@ spec: serverIP: 100.64.0.10 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -173,9 +164,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -186,7 +174,7 @@ spec: shutdownGracePeriodCriticalPods: 0s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -196,9 +184,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 03aa43bf09..898d64cb7b 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -48,7 +48,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 29cb04918c..cfd56aa596 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.15 manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: 3764bb2698fcd6ad15853cf437c1664e7f46acfee77fdc3c686f1aa000ab4006 + manifestHash: dbc0df294fcd14e5e160aee8184a0a44f8f19b1405ba6e59df9bc374744cc550 name: cluster-autoscaler.addons.k8s.io selector: k8s-addon: cluster-autoscaler.addons.k8s.io @@ -186,7 +186,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 61d8aed7126cff29860f5b09a092010af18071fa057edaa5cdc3ab3a38cc6ef2 + manifestHash: 9e9e026261b203c0fe301ae3c0ab6a219b80118821f576c27dc8b673c5fec444 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content index 61f8f442f9..c1c3f81e47 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content @@ -328,6 +328,7 @@ spec: - --nodes=2:2:nodes.minimal.example.com - --ignore-daemonsets-utilization=false - --scale-down-utilization-threshold=0.5 + - --skip-nodes-with-custom-controller-pods=true - --skip-nodes-with-local-storage=true - --skip-nodes-with-system-pods=true - --scale-down-delay-after-add=10m0s @@ -346,7 +347,7 @@ spec: value: arn:aws-test:iam::123456789012:role/cluster-autoscaler.kube-system.sa.minimal.example.com - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510..4aa1194f1e 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 879c06f0da..bf768907a0 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -27,10 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -60,19 +57,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 172.20.128.0/17 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -280,7 +273,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -291,9 +284,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -308,7 +298,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 0s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: amazonVPC: {} nonMasqueradeCIDR: 172.20.0.0/16 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-nodes_content index fdeb11e6aa..67bc78208d 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -23,7 +25,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -34,9 +36,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 0s shutdownGracePeriodCriticalPods: 0s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: amazonVPC: {} nonMasqueradeCIDR: 172.20.0.0/16 @@ -56,7 +55,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/in-v1alpha2.yaml b/tests/integration/update_cluster/many-addons-ccm-irsa/in-v1alpha2.yaml index 12f1aef985..30d543541f 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/in-v1alpha2.yaml @@ -35,7 +35,7 @@ spec: useServiceAccountExternalPermissions: true kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/kubernetes.tf b/tests/integration/update_cluster/many-addons-ccm-irsa/kubernetes.tf index 6f21ff9169..a93f95778a 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/kubernetes.tf +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/kubernetes.tf @@ -609,7 +609,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -691,7 +691,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/README.md b/tests/integration/update_cluster/many-addons-ccm-irsa25/README.md deleted file mode 100644 index d173d34f98..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/README.md +++ /dev/null @@ -1,9 +0,0 @@ -Simple test of (experimental) JWKS functionality - -We have to use a fixed CA because the fingerprint is inserted into the AWS WebIdentity configuration. - -ca.crt & ca.key generated with: - -``` -openssl req -new -newkey rsa:512 -days 3650 -nodes -x509 -subj "/CN=kubernetes" -keyout ca.key -out ca.crt -config <(cat /etc/ssl/openssl.cnf <(printf "[ v3_ca ]\nkeyUsage = critical,keyCertSign,cRLSign")) -``` diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 6c18833de4..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:aws-cloud-controller-manager" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 94a1874349..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 3266f85030..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:aws-node-termination-handler" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 6a4c827804..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:cluster-autoscaler" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index a1f5c8e2f8..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:dns-controller" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 6bd6048b16..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:ebs-csi-controller-sa" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index d05670c189..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,116 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com", - "ec2:CreateAction": [ - "CreateSecurityGroup" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeTags", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeRegions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "iam:CreateServiceLinkedRole", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DeleteSecurityGroup", - "ec2:ModifyInstanceAttribute", - "ec2:RevokeSecurityGroupIngress", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:AttachLoadBalancerToSubnets", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:CreateLoadBalancerListeners", - "elasticloadbalancing:CreateLoadBalancerPolicy", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancerListeners", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:DetachLoadBalancerFromSubnets", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", - "elasticloadbalancing:SetLoadBalancerPoliciesOfListener" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateTargetGroup" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateSecurityGroup", - "Effect": "Allow", - "Resource": "arn:aws-test:ec2:*:*:vpc/*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index e141f8b925..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,118 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com", - "ec2:CreateAction": [ - "CreateSecurityGroup" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "acm:DescribeCertificate", - "acm:ListCertificates", - "cognito-idp:DescribeUserPoolClient", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "elasticloadbalancing:DescribeListenerCertificates", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTargetGroupAttributes", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DeleteSecurityGroup", - "ec2:RevokeSecurityGroupIngress", - "elasticloadbalancing:AddListenerCertificates", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteRule", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:ModifyRule", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:ModifyTargetGroupAttributes", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:RemoveListenerCertificates", - "elasticloadbalancing:RemoveTags", - "elasticloadbalancing:SetIpAddressType", - "elasticloadbalancing:SetSecurityGroups", - "elasticloadbalancing:SetSubnets" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateRule", - "elasticloadbalancing:CreateTargetGroup" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateSecurityGroup", - "Effect": "Allow", - "Resource": "arn:aws-test:ec2:*:*:vpc/*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index a2a9cfce2e..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,26 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeTags", - "ec2:DescribeInstances", - "sqs:DeleteMessage", - "sqs:ReceiveMessage" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "autoscaling:CompleteLifecycleAction", - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 89ba38c735..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,32 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeScalingActivities", - "ec2:DescribeImages", - "ec2:DescribeInstanceTypes", - "ec2:DescribeLaunchTemplateVersions", - "ec2:GetInstanceTypesFromInstanceRequirements" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "autoscaling:SetDesiredCapacity", - "autoscaling:TerminateInstanceInAutoScalingGroup" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index c3f164caee..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,35 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "route53:ChangeResourceRecordSets", - "route53:GetHostedZone", - "route53:ListResourceRecordSets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::hostedzone/Z1AFAKE1ZON3YO" - ] - }, - { - "Action": [ - "route53:GetChange" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::change/*" - ] - }, - { - "Action": [ - "route53:ListHostedZones", - "route53:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 5dd615cd76..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,91 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com", - "ec2:CreateAction": [ - "CreateVolume", - "CreateSnapshot" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:snapshot/*", - "arn:aws-test:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:snapshot/*", - "arn:aws-test:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "ec2:CreateSnapshot", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeSnapshots", - "ec2:DescribeTags", - "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications", - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AttachVolume", - "ec2:DeleteSnapshot", - "ec2:DeleteVolume", - "ec2:DetachVolume", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyVolume" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSnapshot", - "ec2:CreateVolume" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_masters.minimal.example.com_policy deleted file mode 100644 index d6666452b0..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ /dev/null @@ -1,137 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:AttachVolume", - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com", - "aws:ResourceTag/k8s.io/role/master": "1" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:Get*" - ], - "Effect": "Allow", - "Resource": "arn:aws-test:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*" - }, - { - "Action": [ - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws-test:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/main/*" - }, - { - "Action": [ - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws-test:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/events/*" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:s3:::placeholder-read-bucket" - ] - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:s3:::placeholder-write-bucket" - ] - }, - { - "Action": [ - "route53:ChangeResourceRecordSets", - "route53:GetHostedZone", - "route53:ListResourceRecordSets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::hostedzone/Z1AFAKE1ZON3YO" - ] - }, - { - "Action": [ - "route53:GetChange" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::change/*" - ] - }, - { - "Action": [ - "route53:ListHostedZones", - "route53:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:network-interface/*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "ec2:AssignPrivateIpAddresses", - "ec2:AttachNetworkInterface", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRegions", - "ec2:DescribeTags", - "ec2:DescribeVolumes", - "ec2:DetachNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:UnassignPrivateIpAddresses", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:GenerateRandom", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_nodes.minimal.example.com_policy deleted file mode 100644 index d18bc3afc1..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ /dev/null @@ -1,48 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:s3:::placeholder-read-bucket" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:network-interface/*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "ec2:AssignPrivateIpAddresses", - "ec2:AttachNetworkInterface", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRegions", - "ec2:DescribeTags", - "ec2:DetachNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:UnassignPrivateIpAddresses", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "kms:GenerateRandom" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data deleted file mode 100644 index 9ff23c997b..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ /dev/null @@ -1,138 +0,0 @@ -#!/bin/bash -set -o errexit -set -o nounset -set -o pipefail - -NODEUP_URL_AMD64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-amd64 -NODEUP_HASH_AMD64=585fbda0f0a43184656b4bfc0cc5f0c0b85612faf43b8816acca1f99d422c924 -NODEUP_URL_ARM64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-arm64 -NODEUP_HASH_ARM64=7603675379699105a9b9915ff97718ea99b1bbb01a4c184e2f827c8a96e8e865 - -export AWS_REGION=us-test-1 - - - - -sysctl -w net.core.rmem_max=16777216 || true -sysctl -w net.core.wmem_max=16777216 || true -sysctl -w net.ipv4.tcp_rmem='4096 87380 16777216' || true -sysctl -w net.ipv4.tcp_wmem='4096 87380 16777216' || true - - -function ensure-install-dir() { - INSTALL_DIR="/opt/kops" - # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec - if [[ -d /var/lib/toolbox ]]; then - INSTALL_DIR="/var/lib/toolbox/kops" - fi - mkdir -p ${INSTALL_DIR}/bin - mkdir -p ${INSTALL_DIR}/conf - cd ${INSTALL_DIR} -} - -# Retry a download until we get it. args: name, sha, urls -download-or-bust() { - echo "== Downloading $1 with hash $2 from $3 ==" - local -r file="$1" - local -r hash="$2" - local -a urls - mapfile -t urls < <(split-commas "$3") - - if [[ -f "${file}" ]]; then - if ! validate-hash "${file}" "${hash}"; then - rm -f "${file}" - else - return 0 - fi - fi - - while true; do - for url in "${urls[@]}"; do - commands=( - "curl -f --compressed -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget --compression=auto -O ${file} --connect-timeout=20 --tries=6 --wait=10" - "curl -f -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget -O ${file} --connect-timeout=20 --tries=6 --wait=10" - ) - for cmd in "${commands[@]}"; do - echo "== Downloading ${url} using ${cmd} ==" - if ! (${cmd} "${url}"); then - echo "== Failed to download ${url} using ${cmd} ==" - continue - fi - if ! validate-hash "${file}" "${hash}"; then - echo "== Failed to validate hash for ${url} ==" - rm -f "${file}" - else - echo "== Downloaded ${url} with hash ${hash} ==" - return 0 - fi - done - done - - echo "== All downloads failed; sleeping before retrying ==" - sleep 60 - done -} - -validate-hash() { - local -r file="$1" - local -r expected="$2" - local actual - - actual=$(sha256sum "${file}" | awk '{ print $1 }') || true - if [[ "${actual}" != "${expected}" ]]; then - echo "== File ${file} is corrupted; hash ${actual} doesn't match expected ${expected} ==" - return 1 - fi -} - -function split-commas() { - echo "$1" | tr "," "\n" -} - -function download-release() { - case "$(uname -m)" in - x86_64*|i?86_64*|amd64*) - NODEUP_URL="${NODEUP_URL_AMD64}" - NODEUP_HASH="${NODEUP_HASH_AMD64}" - ;; - aarch64*|arm64*) - NODEUP_URL="${NODEUP_URL_ARM64}" - NODEUP_HASH="${NODEUP_HASH_ARM64}" - ;; - *) - echo "Unsupported host arch: $(uname -m)" >&2 - exit 1 - ;; - esac - - cd ${INSTALL_DIR}/bin - download-or-bust nodeup "${NODEUP_HASH}" "${NODEUP_URL}" - - chmod +x nodeup - - echo "== Running nodeup ==" - # We can't run in the foreground because of https://github.com/docker/docker/issues/23793 - ( cd ${INSTALL_DIR}/bin; ./nodeup --install-systemd-unit --conf=${INSTALL_DIR}/conf/kube_env.yaml --v=8 ) -} - -#################################################################################### - -/bin/systemd-machine-id-setup || echo "== Failed to initialize the machine ID; ensure machine-id configured ==" - -echo "== nodeup node config starting ==" -ensure-install-dir - -cat > conf/kube_env.yaml << '__EOF_KUBE_ENV' -CloudProvider: aws -ClusterName: minimal.example.com -ConfigBase: memfs://clusters.example.com/minimal.example.com -InstanceGroupName: master-us-test-1a -InstanceGroupRole: ControlPlane -NodeupConfigHash: x9kGUyDatSFsdN8mHyt4DPHbWc8j250le5BpmJI16Eg= - -__EOF_KUBE_ENV - -download-release -echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_cluster-completed.spec_content deleted file mode 100644 index ffc4f28dce..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_cluster-completed.spec_content +++ /dev/null @@ -1,249 +0,0 @@ -apiVersion: kops.k8s.io/v1alpha2 -kind: Cluster -metadata: - creationTimestamp: "2016-12-10T22:42:27Z" - name: minimal.example.com -spec: - api: - dns: {} - authorization: - alwaysAllow: {} - awsLoadBalancerController: - enabled: true - certManager: - enabled: true - channel: stable - cloudConfig: - awsEBSCSIDriver: - version: v1.33.0 - manageStorageClasses: true - cloudControllerManager: - allocateNodeCIDRs: true - cloudProvider: aws - clusterCIDR: 172.20.128.0/17 - clusterName: minimal.example.com - configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 - leaderElection: - leaderElect: true - cloudProvider: aws - clusterAutoscaler: - awsUseStaticInstanceList: false - balanceSimilarNodeGroups: false - emitPerNodegroupMetrics: false - enabled: true - expander: random - ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.25.3 - maxNodeProvisionTime: 15m0s - newPodScaleUpDelay: 0s - scaleDownDelayAfterAdd: 10m0s - scaleDownUnneededTime: 10m0s - scaleDownUnreadyTime: 20m0s - scaleDownUtilizationThreshold: "0.5" - skipNodesWithCustomControllerPods: true - skipNodesWithLocalStorage: true - skipNodesWithSystemPods: true - clusterDNSDomain: cluster.local - configBase: memfs://clusters.example.com/minimal.example.com - containerd: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 - dnsZone: Z1AFAKE1ZON3YO - etcdClusters: - - backups: - backupStore: memfs://clusters.example.com/minimal.example.com/backups/etcd/main - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - manager: - backupRetentionDays: 90 - name: main - version: 3.5.17 - - backups: - backupStore: memfs://clusters.example.com/minimal.example.com/backups/etcd/events - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - manager: - backupRetentionDays: 90 - name: events - version: 3.5.17 - externalDns: - provider: dns-controller - iam: - legacy: false - useServiceAccountExternalPermissions: true - keyStore: memfs://clusters.example.com/minimal.example.com/pki - kubeAPIServer: - allowPrivileged: true - anonymousAuth: false - apiAudiences: - - kubernetes.svc.default - apiServerCount: 1 - authorizationMode: AlwaysAllow - bindAddress: 0.0.0.0 - cloudProvider: external - enableAdmissionPlugins: - - NamespaceLifecycle - - LimitRanger - - ServiceAccount - - DefaultStorageClass - - DefaultTolerationSeconds - - MutatingAdmissionWebhook - - ValidatingAdmissionWebhook - - NodeRestriction - - ResourceQuota - enableAggregatorRouting: true - etcdServers: - - https://127.0.0.1:4001 - etcdServersOverrides: - - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 - kubeletPreferredAddressTypes: - - InternalIP - - Hostname - - ExternalIP - logLevel: 2 - requestheaderAllowedNames: - - aggregator - requestheaderExtraHeaderPrefixes: - - X-Remote-Extra- - requestheaderGroupHeaders: - - X-Remote-Group - requestheaderUsernameHeaders: - - X-Remote-User - securePort: 443 - serviceAccountIssuer: https://discovery.example.com/minimal.example.com - serviceAccountJWKSURI: https://discovery.example.com/minimal.example.com/openid/v1/jwks - serviceClusterIPRange: 100.64.0.0/13 - storageBackend: etcd3 - kubeControllerManager: - allocateNodeCIDRs: true - attachDetachReconcileSyncPeriod: 1m0s - cloudProvider: external - clusterCIDR: 172.20.128.0/17 - clusterName: minimal.example.com - configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 - leaderElection: - leaderElect: true - logLevel: 2 - useServiceAccountCredentials: true - kubeDNS: - cacheMaxConcurrent: 150 - cacheMaxSize: 1000 - cpuRequest: 100m - domain: cluster.local - memoryLimit: 170Mi - memoryRequest: 70Mi - nodeLocalDNS: - cpuRequest: 25m - enabled: false - image: registry.k8s.io/dns/k8s-dns-node-cache:1.23.0 - memoryRequest: 5Mi - provider: CoreDNS - serverIP: 100.64.0.10 - kubeProxy: - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 - logLevel: 2 - kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 - leaderElection: - leaderElect: true - logLevel: 2 - kubelet: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s - kubernetesApiAccess: - - 0.0.0.0/0 - kubernetesVersion: 1.25.0 - masterKubelet: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s - masterPublicName: api.minimal.example.com - metricsServer: - enabled: true - networkCIDR: 172.20.0.0/16 - networking: - amazonvpc: {} - nodeTerminationHandler: - cpuRequest: 50m - deleteSQSMsgIfNodeNotFound: false - enableRebalanceDraining: false - enableRebalanceMonitoring: false - enableScheduledEventDraining: true - enableSpotInterruptionDraining: true - enabled: true - excludeFromLoadBalancers: true - managedASGTag: aws-node-termination-handler/managed - memoryRequest: 64Mi - podTerminationGracePeriod: -1 - prometheusEnable: false - taintNode: false - version: v1.22.0 - nonMasqueradeCIDR: 172.20.0.0/16 - podCIDR: 172.20.128.0/17 - secretStore: memfs://clusters.example.com/minimal.example.com/secrets - serviceAccountIssuerDiscovery: - discoveryStore: memfs://discovery.example.com/minimal.example.com - enableAWSOIDCProvider: true - serviceClusterIPRange: 100.64.0.0/13 - snapshotController: - enabled: true - sshAccess: - - 0.0.0.0/0 - subnets: - - cidr: 172.20.32.0/19 - name: us-test-1a - type: Public - zone: us-test-1a - topology: - dns: - type: Public diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_discovery.json_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_discovery.json_content deleted file mode 100644 index aba05dfd1a..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_discovery.json_content +++ /dev/null @@ -1,18 +0,0 @@ -{ -"issuer": "https://discovery.example.com/minimal.example.com", -"jwks_uri": "https://discovery.example.com/minimal.example.com/openid/v1/jwks", -"authorization_endpoint": "urn:kubernetes:programmatic_authorization", -"response_types_supported": [ -"id_token" -], -"subject_types_supported": [ -"public" -], -"id_token_signing_alg_values_supported": [ -"RS256" -], -"claims_supported": [ -"sub", -"iss" -] -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_keys.json_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_keys.json_content deleted file mode 100644 index ddcbc6ed75..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_keys.json_content +++ /dev/null @@ -1,20 +0,0 @@ -{ -"keys": [ -{ -"use": "sig", -"kty": "RSA", -"kid": "3mNcULfgtWECYyZWY5ow1rOHjiRwEZHx28HQcRec3Ew", -"alg": "RS256", -"n": "2JbeF8dNwqfEKKD65aGlVs58fWkA0qZdVLKw8qATzRBJTi1nqbj2kAR4gyy_C8Mxouxva_om9d7Sq8Ka55T7-w", -"e": "AQAB" -}, -{ -"use": "sig", -"kty": "RSA", -"kid": "G-cZ10iKJqrXhR15ivI7Lg2q_cuL0zN9ouL0vF67FLc", -"alg": "RS256", -"n": "o4Tridlsf4Yz3UAiup_scSTiG_OqxkUW3Fz7zGKvVcLeYj9GEIKuzoB1VFk1nboDq4cCuGLfdzaQdCQKPIsDuw", -"e": "AQAB" -} -] -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content deleted file mode 100644 index 4eb0d5b03a..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content +++ /dev/null @@ -1,137 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null - labels: - k8s-app: etcd-manager-events - name: etcd-manager-events - namespace: kube-system -spec: - containers: - - command: - - /bin/sh - - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd/events - --client-urls=https://__name__:4002 --cluster-name=etcd-events --containerized=true - --dns-suffix=.internal.minimal.example.com --grpc-port=3997 --peer-urls=https://__name__:2381 - --quarantine-client-urls=https://__name__:3995 --v=6 --volume-name-tag=k8s.io/etcd/events - --volume-provider=aws --volume-tag=k8s.io/etcd/events --volume-tag=k8s.io/role/control-plane=1 - --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 - env: - - name: ETCD_MANAGER_DAILY_BACKUPS_RETENTION - value: 90d - image: registry.k8s.io/etcd-manager/etcd-manager-slim:v3.0.20241012 - name: etcd-manager - resources: - requests: - cpu: 200m - memory: 100Mi - securityContext: - privileged: true - volumeMounts: - - mountPath: /rootfs - name: rootfs - - mountPath: /run - name: run - - mountPath: /etc/kubernetes/pki/etcd-manager - name: pki - - mountPath: /opt - name: opt - - mountPath: /var/log/etcd.log - name: varlogetcd - hostNetwork: true - hostPID: true - initContainers: - - args: - - --target-dir=/opt/kops-utils/ - - --src=/ko-app/kops-utils-cp - command: - - /ko-app/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: kops-utils-cp - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.4.13 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.4.13-0 - name: init-etcd-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.5.17 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.5.17-0 - name: init-etcd-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.4.3 - - --src=/opt/etcd-v3.4.13/etcd - - --src=/opt/etcd-v3.4.13/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.5.0 - - --target-dir=/opt/etcd-v3.5.1 - - --target-dir=/opt/etcd-v3.5.13 - - --target-dir=/opt/etcd-v3.5.3 - - --target-dir=/opt/etcd-v3.5.4 - - --target-dir=/opt/etcd-v3.5.6 - - --target-dir=/opt/etcd-v3.5.7 - - --target-dir=/opt/etcd-v3.5.9 - - --src=/opt/etcd-v3.5.17/etcd - - --src=/opt/etcd-v3.5.17/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - priorityClassName: system-cluster-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: rootfs - - hostPath: - path: /run - type: DirectoryOrCreate - name: run - - hostPath: - path: /etc/kubernetes/pki/etcd-manager-events - type: DirectoryOrCreate - name: pki - - emptyDir: {} - name: opt - - hostPath: - path: /var/log/etcd-events.log - type: FileOrCreate - name: varlogetcd -status: {} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content deleted file mode 100644 index e2d9e5d30a..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content +++ /dev/null @@ -1,137 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null - labels: - k8s-app: etcd-manager-main - name: etcd-manager-main - namespace: kube-system -spec: - containers: - - command: - - /bin/sh - - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd/main - --client-urls=https://__name__:4001 --cluster-name=etcd --containerized=true - --dns-suffix=.internal.minimal.example.com --grpc-port=3996 --peer-urls=https://__name__:2380 - --quarantine-client-urls=https://__name__:3994 --v=6 --volume-name-tag=k8s.io/etcd/main - --volume-provider=aws --volume-tag=k8s.io/etcd/main --volume-tag=k8s.io/role/control-plane=1 - --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 - env: - - name: ETCD_MANAGER_DAILY_BACKUPS_RETENTION - value: 90d - image: registry.k8s.io/etcd-manager/etcd-manager-slim:v3.0.20241012 - name: etcd-manager - resources: - requests: - cpu: 200m - memory: 100Mi - securityContext: - privileged: true - volumeMounts: - - mountPath: /rootfs - name: rootfs - - mountPath: /run - name: run - - mountPath: /etc/kubernetes/pki/etcd-manager - name: pki - - mountPath: /opt - name: opt - - mountPath: /var/log/etcd.log - name: varlogetcd - hostNetwork: true - hostPID: true - initContainers: - - args: - - --target-dir=/opt/kops-utils/ - - --src=/ko-app/kops-utils-cp - command: - - /ko-app/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: kops-utils-cp - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.4.13 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.4.13-0 - name: init-etcd-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.5.17 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.5.17-0 - name: init-etcd-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.4.3 - - --src=/opt/etcd-v3.4.13/etcd - - --src=/opt/etcd-v3.4.13/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.5.0 - - --target-dir=/opt/etcd-v3.5.1 - - --target-dir=/opt/etcd-v3.5.13 - - --target-dir=/opt/etcd-v3.5.3 - - --target-dir=/opt/etcd-v3.5.4 - - --target-dir=/opt/etcd-v3.5.6 - - --target-dir=/opt/etcd-v3.5.7 - - --target-dir=/opt/etcd-v3.5.9 - - --src=/opt/etcd-v3.5.17/etcd - - --src=/opt/etcd-v3.5.17/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - priorityClassName: system-cluster-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: rootfs - - hostPath: - path: /run - type: DirectoryOrCreate - name: run - - hostPath: - path: /etc/kubernetes/pki/etcd-manager-main - type: DirectoryOrCreate - name: pki - - emptyDir: {} - name: opt - - hostPath: - path: /var/log/etcd.log - type: FileOrCreate - name: varlogetcd -status: {} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content deleted file mode 100644 index c9f76089af..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ /dev/null @@ -1,253 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - k8s-app: aws-cloud-controller-manager - name: aws-cloud-controller-manager - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: aws-cloud-controller-manager - template: - metadata: - creationTimestamp: null - labels: - k8s-app: aws-cloud-controller-manager - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --allocate-node-cidrs=true - - --cloud-provider=aws - - --cluster-cidr=172.20.128.0/17 - - --cluster-name=minimal.example.com - - --configure-cloud-routes=false - - --leader-elect=true - - --v=2 - - --use-service-account-credentials=true - - --cloud-config=/etc/kubernetes/cloud.config - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 - imagePullPolicy: IfNotPresent - name: aws-cloud-controller-manager - resources: - requests: - cpu: 200m - volumeMounts: - - mountPath: /etc/kubernetes/cloud.config - name: cloudconfig - readOnly: true - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - hostNetwork: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 10001 - serviceAccountName: aws-cloud-controller-manager - tolerations: - - effect: NoSchedule - key: node.cloudprovider.kubernetes.io/uninitialized - value: "true" - - effect: NoSchedule - key: node.kubernetes.io/not-ready - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - - effect: NoSchedule - key: node-role.kubernetes.io/master - volumes: - - hostPath: - path: /etc/kubernetes/cloud.config - type: "" - name: cloudconfig - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - updateStrategy: - type: RollingUpdate - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: aws-cloud-controller-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: cloud-controller-manager:apiserver-authentication-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- apiGroup: "" - kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: system:cloud-controller-manager -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update -- apiGroups: - - "" - resources: - - nodes - verbs: - - '*' -- apiGroups: - - "" - resources: - - nodes/status - verbs: - - patch -- apiGroups: - - "" - resources: - - services - verbs: - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - get -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - list - - watch - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - node-controller - - service-controller - - route-controller - resources: - - serviceaccounts/token - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: system:cloud-controller-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:cloud-controller-manager -subjects: -- apiGroup: "" - kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content deleted file mode 100644 index f5f3572927..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content +++ /dev/null @@ -1,1209 +0,0 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-attacher-role -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - csi.storage.k8s.io - resources: - - csinodeinfos - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node-role -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - patch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-provisioner-role -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - create - - patch - - delete -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch - - update -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - get - - list -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - get - - list -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattributesclasses - verbs: - - get - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-resizer-role -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattributesclasses - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-snapshotter-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - update - - delete - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-attacher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-attacher-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node-getter-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-csi-node-role -subjects: -- kind: ServiceAccount - name: ebs-csi-node-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-provisioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-provisioner-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-resizer-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-resizer-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-snapshotter-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-snapshotter-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-leases-role - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-leases-rolebinding - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ebs-csi-leases-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app: ebs-csi-controller - app.kubernetes.io/managed-by: kops - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller - namespace: kube-system -spec: - ports: - - name: metrics - port: 3301 - targetPort: 3301 - selector: - app: ebs-csi-controller - type: ClusterIP - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node - namespace: kube-system -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - app: ebs-csi-node - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - template: - metadata: - creationTimestamp: null - labels: - app: ebs-csi-node - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: topology.kubernetes.io/zone - operator: Exists - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate - - key: node.kubernetes.io/instance-type - operator: NotIn - values: - - a1.medium - - a1.large - - a1.xlarge - - a1.2xlarge - - a1.4xlarge - containers: - - args: - - node - - --endpoint=$(CSI_ENDPOINT) - - --logging-format=text - - --v=2 - env: - - name: AWS_REGION - value: us-test-1 - - name: CSI_ENDPOINT - value: unix:/csi/csi.sock - - name: CSI_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.33.0 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /bin/aws-ebs-csi-driver - - pre-stop-hook - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - name: ebs-plugin - ports: - - containerPort: 9808 - name: healthz - protocol: TCP - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - privileged: true - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /var/lib/kubelet - mountPropagation: Bidirectional - name: kubelet-dir - - mountPath: /csi - name: plugin-dir - - mountPath: /dev - name: device-dir - - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.11.0-eks-1-30-10 - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /csi-node-driver-registrar - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --mode=kubelet-registration-probe - initialDelaySeconds: 30 - periodSeconds: 90 - timeoutSeconds: 15 - name: node-driver-registrar - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /csi - name: plugin-dir - - mountPath: /registration - name: registration-dir - - mountPath: /var/lib/kubelet/plugins/ebs.csi.aws.com/ - name: probe-dir - - args: - - --csi-address=/csi/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.13.0-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: liveness-probe - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /csi - name: plugin-dir - hostNetwork: false - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - securityContext: - fsGroup: 0 - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - serviceAccountName: ebs-csi-node-sa - terminationGracePeriodSeconds: 30 - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /var/lib/kubelet - type: Directory - name: kubelet-dir - - hostPath: - path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ - type: DirectoryOrCreate - name: plugin-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: Directory - name: registration-dir - - hostPath: - path: /dev - type: Directory - name: device-dir - - emptyDir: {} - name: probe-dir - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller - namespace: kube-system -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app: ebs-csi-controller - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate - weight: 1 - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - ebs-csi-controller - topologyKey: kubernetes.io/hostname - weight: 100 - containers: - - args: - - controller - - --endpoint=$(CSI_ENDPOINT) - - --k8s-tag-cluster-id=minimal.example.com - - --extra-tags=KubernetesCluster=minimal.example.com - - --http-endpoint=0.0.0.0:3301 - - --batching=true - - --logging-format=text - - --v=5 - env: - - name: AWS_REGION - value: us-test-1 - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: CSI_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: key_id - name: aws-secret - optional: true - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: access_key - name: aws-secret - optional: true - - name: AWS_EC2_ENDPOINT - valueFrom: - configMapKeyRef: - key: endpoint - name: aws-meta - optional: true - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.33.0 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - name: ebs-plugin - ports: - - containerPort: 9811 - name: healthz - protocol: TCP - - containerPort: 3301 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --feature-gates=Topology=true - - --extra-create-metadata - - --leader-election=true - - --default-fstype=ext4 - - --kube-api-qps=20 - - --kube-api-burst=100 - - --worker-threads=100 - - --retry-interval-max=30m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v5.0.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-provisioner - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --leader-election=true - - --kube-api-qps=20 - - --kube-api-burst=100 - - --worker-threads=100 - - --retry-interval-max=5m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-attacher:v4.6.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-attacher - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --csi-address=$(ADDRESS) - - --leader-election=true - - --extra-create-metadata - - --kube-api-qps=20 - - --kube-api-burst=100 - - --worker-threads=100 - - --retry-interval-max=30m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter:v8.0.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-snapshotter - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --leader-election=true - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s:v0.3.0 - imagePullPolicy: IfNotPresent - name: volumemodifier - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --handle-volume-inuse-error=false - - --leader-election=true - - --kube-api-qps=20 - - --kube-api-burst=100 - - --workers=100 - - --retry-interval-max=30m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-resizer:v1.11.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-resizer - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --csi-address=/csi/csi.sock - - --http-endpoint=0.0.0.0:9811 - env: - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.13.0-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: liveness-probe - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: ebs-csi-controller-sa - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - tolerationSeconds: 300 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - emptyDir: {} - name: socket-dir - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs.csi.aws.com -spec: - attachRequired: true - podInfoOnMount: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content deleted file mode 100644 index dea787ab0d..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content +++ /dev/null @@ -1,1264 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: ingressclassparams.elbv2.k8s.aws -spec: - group: elbv2.k8s.aws - names: - kind: IngressClassParams - listKind: IngressClassParamsList - plural: ingressclassparams - singular: ingressclassparams - scope: Cluster - versions: - - additionalPrinterColumns: - - description: The Ingress Group name - jsonPath: .spec.group.name - name: GROUP-NAME - type: string - - description: The AWS Load Balancer scheme - jsonPath: .spec.scheme - name: SCHEME - type: string - - description: The AWS Load Balancer ipAddressType - jsonPath: .spec.ipAddressType - name: IP-ADDRESS-TYPE - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IngressClassParams is the Schema for the IngressClassParams API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IngressClassParamsSpec defines the desired state of IngressClassParams - properties: - group: - description: Group defines the IngressGroup for all Ingresses that - belong to IngressClass with this IngressClassParams. - properties: - name: - description: Name is the name of IngressGroup. - type: string - required: - - name - type: object - inboundCIDRs: - description: InboundCIDRs specifies the CIDRs that are allowed to - access the Ingresses that belong to IngressClass with this IngressClassParams. - items: - type: string - type: array - ipAddressType: - description: IPAddressType defines the ip address type for all Ingresses - that belong to IngressClass with this IngressClassParams. - enum: - - ipv4 - - dualstack - type: string - loadBalancerAttributes: - description: LoadBalancerAttributes define the custom attributes to - LoadBalancers for all Ingress that that belong to IngressClass with - this IngressClassParams. - items: - description: Attributes defines custom attributes on resources. - properties: - key: - description: The key of the attribute. - type: string - value: - description: The value of the attribute. - type: string - required: - - key - - value - type: object - type: array - namespaceSelector: - description: NamespaceSelector restrict the namespaces of Ingresses - that are allowed to specify the IngressClass with this IngressClassParams. - * if absent or present but empty, it selects all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - scheme: - description: Scheme defines the scheme for all Ingresses that belong - to IngressClass with this IngressClassParams. - enum: - - internal - - internet-facing - type: string - sslPolicy: - description: SSLPolicy specifies the SSL Policy for all Ingresses - that belong to IngressClass with this IngressClassParams. - type: string - subnets: - description: Subnets defines the subnets for all Ingresses that belong - to IngressClass with this IngressClassParams. - properties: - ids: - description: IDs specify the resource IDs of subnets. Exactly - one of this or `tags` must be specified. - items: - description: SubnetID specifies a subnet ID. - pattern: subnet-[0-9a-f]+ - type: string - minItems: 1 - type: array - tags: - additionalProperties: - items: - type: string - type: array - description: Tags specifies subnets in the load balancer's VPC - where each tag specified in the map key contains one of the - values in the corresponding value list. Exactly one of this - or `ids` must be specified. - type: object - type: object - tags: - description: Tags defines list of Tags on AWS resources provisioned - for Ingresses that belong to IngressClass with this IngressClassParams. - items: - description: Tag defines a AWS Tag on resources. - properties: - key: - description: The key of the tag. - type: string - value: - description: The value of the tag. - type: string - required: - - key - - value - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: targetgroupbindings.elbv2.k8s.aws -spec: - group: elbv2.k8s.aws - names: - kind: TargetGroupBinding - listKind: TargetGroupBindingList - plural: targetgroupbindings - singular: targetgroupbinding - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The Kubernetes Service's name - jsonPath: .spec.serviceRef.name - name: SERVICE-NAME - type: string - - description: The Kubernetes Service's port - jsonPath: .spec.serviceRef.port - name: SERVICE-PORT - type: string - - description: The AWS TargetGroup's TargetType - jsonPath: .spec.targetType - name: TARGET-TYPE - type: string - - description: The AWS TargetGroup's Amazon Resource Name - jsonPath: .spec.targetGroupARN - name: ARN - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: TargetGroupBinding is the Schema for the TargetGroupBinding API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding - properties: - networking: - description: networking provides the networking setup for ELBV2 LoadBalancer - to access targets in TargetGroup. - properties: - ingress: - description: List of ingress rules to allow ELBV2 LoadBalancer - to access targets in TargetGroup. - items: - properties: - from: - description: List of peers which should be able to access - the targets in TargetGroup. At least one NetworkingPeer - should be specified. - items: - description: NetworkingPeer defines the source/destination - peer for networking rules. - properties: - ipBlock: - description: IPBlock defines an IPBlock peer. If specified, - none of the other fields can be set. - properties: - cidr: - description: CIDR is the network CIDR. Both IPV4 - or IPV6 CIDR are accepted. - type: string - required: - - cidr - type: object - securityGroup: - description: SecurityGroup defines a SecurityGroup - peer. If specified, none of the other fields can - be set. - properties: - groupID: - description: GroupID is the EC2 SecurityGroupID. - type: string - required: - - groupID - type: object - type: object - type: array - ports: - description: List of ports which should be made accessible - on the targets in TargetGroup. If ports is empty or unspecified, - it defaults to all ports with TCP. - items: - properties: - port: - anyOf: - - type: integer - - type: string - description: The port which traffic must match. When - NodePort endpoints(instance TargetType) is used, - this must be a numerical port. When Port endpoints(ip - TargetType) is used, this can be either numerical - or named port on pods. if port is unspecified, it - defaults to all ports. - x-kubernetes-int-or-string: true - protocol: - description: The protocol which traffic must match. - If protocol is unspecified, it defaults to TCP. - enum: - - TCP - - UDP - type: string - type: object - type: array - required: - - from - - ports - type: object - type: array - type: object - serviceRef: - description: serviceRef is a reference to a Kubernetes Service and - ServicePort. - properties: - name: - description: Name is the name of the Service. - type: string - port: - anyOf: - - type: integer - - type: string - description: Port is the port of the ServicePort. - x-kubernetes-int-or-string: true - required: - - name - - port - type: object - targetGroupARN: - description: targetGroupARN is the Amazon Resource Name (ARN) for - the TargetGroup. - type: string - targetType: - description: targetType is the TargetType of TargetGroup. If unspecified, - it will be automatically inferred. - enum: - - instance - - ip - type: string - required: - - serviceRef - - targetGroupARN - type: object - status: - description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding - properties: - observedGeneration: - description: The generation observed by the TargetGroupBinding controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: The Kubernetes Service's name - jsonPath: .spec.serviceRef.name - name: SERVICE-NAME - type: string - - description: The Kubernetes Service's port - jsonPath: .spec.serviceRef.port - name: SERVICE-PORT - type: string - - description: The AWS TargetGroup's TargetType - jsonPath: .spec.targetType - name: TARGET-TYPE - type: string - - description: The AWS TargetGroup's Amazon Resource Name - jsonPath: .spec.targetGroupARN - name: ARN - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TargetGroupBinding is the Schema for the TargetGroupBinding API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding - properties: - ipAddressType: - description: ipAddressType specifies whether the target group is of - type IPv4 or IPv6. If unspecified, it will be automatically inferred. - enum: - - ipv4 - - ipv6 - type: string - networking: - description: networking defines the networking rules to allow ELBV2 - LoadBalancer to access targets in TargetGroup. - properties: - ingress: - description: List of ingress rules to allow ELBV2 LoadBalancer - to access targets in TargetGroup. - items: - description: NetworkingIngressRule defines a particular set - of traffic that is allowed to access TargetGroup's targets. - properties: - from: - description: List of peers which should be able to access - the targets in TargetGroup. At least one NetworkingPeer - should be specified. - items: - description: NetworkingPeer defines the source/destination - peer for networking rules. - properties: - ipBlock: - description: IPBlock defines an IPBlock peer. If specified, - none of the other fields can be set. - properties: - cidr: - description: CIDR is the network CIDR. Both IPV4 - or IPV6 CIDR are accepted. - type: string - required: - - cidr - type: object - securityGroup: - description: SecurityGroup defines a SecurityGroup - peer. If specified, none of the other fields can - be set. - properties: - groupID: - description: GroupID is the EC2 SecurityGroupID. - type: string - required: - - groupID - type: object - type: object - type: array - ports: - description: List of ports which should be made accessible - on the targets in TargetGroup. If ports is empty or unspecified, - it defaults to all ports with TCP. - items: - description: NetworkingPort defines the port and protocol - for networking rules. - properties: - port: - anyOf: - - type: integer - - type: string - description: The port which traffic must match. When - NodePort endpoints(instance TargetType) is used, - this must be a numerical port. When Port endpoints(ip - TargetType) is used, this can be either numerical - or named port on pods. if port is unspecified, it - defaults to all ports. - x-kubernetes-int-or-string: true - protocol: - description: The protocol which traffic must match. - If protocol is unspecified, it defaults to TCP. - enum: - - TCP - - UDP - type: string - type: object - type: array - required: - - from - - ports - type: object - type: array - type: object - nodeSelector: - description: node selector for instance type target groups to only - register certain nodes - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - serviceRef: - description: serviceRef is a reference to a Kubernetes Service and - ServicePort. - properties: - name: - description: Name is the name of the Service. - type: string - port: - anyOf: - - type: integer - - type: string - description: Port is the port of the ServicePort. - x-kubernetes-int-or-string: true - required: - - name - - port - type: object - targetGroupARN: - description: targetGroupARN is the Amazon Resource Name (ARN) for - the TargetGroup. - minLength: 1 - type: string - targetType: - description: targetType is the TargetType of TargetGroup. If unspecified, - it will be automatically inferred. - enum: - - instance - - ip - type: string - required: - - serviceRef - - targetGroupARN - type: object - status: - description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding - properties: - observedGeneration: - description: The generation observed by the TargetGroupBinding controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/component: controller - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-leader-election-role - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - "" - resourceNames: - - aws-load-balancer-controller-leader - resources: - - configmaps - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - aws-load-balancer-controller-leader - resources: - - leases - verbs: - - get - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-role -rules: -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods/status - verbs: - - patch - - update -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - patch - - update -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - elbv2.k8s.aws - resources: - - ingressclassparams - verbs: - - get - - list - - watch -- apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings/status - verbs: - - patch - - update -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - patch - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-leader-election-rolebinding - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: aws-load-balancer-controller-leader-election-role -subjects: -- kind: ServiceAccount - name: aws-load-balancer-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aws-load-balancer-controller-role -subjects: -- kind: ServiceAccount - name: aws-load-balancer-controller - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-webhook-service - namespace: kube-system -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/component: controller - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --metrics-bind-addr=:9442 - - --cluster-name=minimal.example.com - - --enable-waf=false - - --enable-wafv2=false - - --enable-shield=false - - --ingress-class=alb - - --default-tags=KubernetesCluster=minimal.example.com - - --aws-region=us-test-1 - env: - - name: NODENAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/aws-load-balancer-controller.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks/aws-load-balancer-controller:v2.7.2 - livenessProbe: - failureThreshold: 2 - httpGet: - path: /healthz - port: 61779 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 10 - name: controller - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - resources: - limits: - cpu: 200m - memory: 500Mi - requests: - cpu: 100m - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1337 - serviceAccountName: aws-load-balancer-controller - terminationGracePeriodSeconds: 10 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: aws-load-balancer-webhook-tls - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-serving-cert - namespace: kube-system -spec: - dnsNames: - - aws-load-balancer-webhook-service.kube-system.svc - - aws-load-balancer-webhook-service.kube-system.svc.cluster.local - issuerRef: - kind: Issuer - name: aws-load-balancer-selfsigned-issuer - secretName: aws-load-balancer-webhook-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-selfsigned-issuer - namespace: kube-system -spec: - selfSigned: {} - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: kube-system/aws-load-balancer-serving-cert - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-webhook -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /mutate-v1-service - failurePolicy: Fail - name: mservice.elbv2.k8s.aws - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - aws-load-balancer-controller - - cert-manager - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - services - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /mutate-v1-pod - failurePolicy: Fail - name: mpod.elbv2.k8s.aws - namespaceSelector: - matchExpressions: - - key: elbv2.k8s.aws/pod-readiness-gate-inject - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - aws-load-balancer-controller - - cert-manager - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /mutate-elbv2-k8s-aws-v1beta1-targetgroupbinding - failurePolicy: Fail - name: mtargetgroupbinding.elbv2.k8s.aws - rules: - - apiGroups: - - elbv2.k8s.aws - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - targetgroupbindings - sideEffects: None - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: kube-system/aws-load-balancer-serving-cert - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-webhook -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /validate-elbv2-k8s-aws-v1beta1-ingressclassparams - failurePolicy: Fail - name: vingressclassparams.elbv2.k8s.aws - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - aws-load-balancer-controller - rules: - - apiGroups: - - elbv2.k8s.aws - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - ingressclassparams - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /validate-elbv2-k8s-aws-v1beta1-targetgroupbinding - failurePolicy: Fail - name: vtargetgroupbinding.elbv2.k8s.aws - rules: - - apiGroups: - - elbv2.k8s.aws - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - targetgroupbindings - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /validate-networking-v1-ingress - failurePolicy: Fail - matchPolicy: Equivalent - name: vingress.elbv2.k8s.aws - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - ---- - -apiVersion: elbv2.k8s.aws/v1beta1 -kind: IngressClassParams -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: alb - ---- - -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: alb -spec: - controller: ingress.k8s.aws/alb - parameters: - apiGroup: elbv2.k8s.aws - kind: IngressClassParams - name: alb - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/component: controller - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content deleted file mode 100644 index 0f20499bde..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ /dev/null @@ -1,215 +0,0 @@ -kind: Addons -metadata: - creationTimestamp: null - name: bootstrap -spec: - addons: - - id: k8s-1.16 - manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 - name: kops-controller.addons.k8s.io - needsRollingUpdate: control-plane - selector: - k8s-addon: kops-controller.addons.k8s.io - version: 9.99.0 - - id: k8s-1.12 - manifest: coredns.addons.k8s.io/k8s-1.12.yaml - manifestHash: 591e3b40d00949575616698ce1c9230db8cb00bdab4f8a0d5ef14080a1d7a93c - name: coredns.addons.k8s.io - selector: - k8s-addon: coredns.addons.k8s.io - version: 9.99.0 - - id: k8s-1.9 - manifest: kubelet-api.rbac.addons.k8s.io/k8s-1.9.yaml - manifestHash: 01c120e887bd98d82ef57983ad58a0b22bc85efb48108092a24c4b82e4c9ea81 - name: kubelet-api.rbac.addons.k8s.io - selector: - k8s-addon: kubelet-api.rbac.addons.k8s.io - version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - - manifest: limit-range.addons.k8s.io/v1.5.0.yaml - manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 - name: limit-range.addons.k8s.io - selector: - k8s-addon: limit-range.addons.k8s.io - version: 9.99.0 - - id: k8s-1.12 - manifest: dns-controller.addons.k8s.io/k8s-1.12.yaml - manifestHash: be276bd85459d2d34b26a95d3c9492939bb386ce39f13212db484d23aa57da22 - name: dns-controller.addons.k8s.io - selector: - k8s-addon: dns-controller.addons.k8s.io - version: 9.99.0 - - id: k8s-1.15 - manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: c03c6c1e8806b7e572506d2018bdbb9c314f5bc207473d85e95e7308af4d5193 - name: cluster-autoscaler.addons.k8s.io - selector: - k8s-addon: cluster-autoscaler.addons.k8s.io - version: 9.99.0 - - id: k8s-1.11 - manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f - name: metrics-server.addons.k8s.io - needsPKI: true - selector: - k8s-app: metrics-server - version: 9.99.0 - - id: k8s-1.16 - manifest: certmanager.io/k8s-1.16.yaml - manifestHash: e9a1f65a8e57904e77e1b5e9f429ca56e154eb73ed2a536e1fb39746573dba21 - name: certmanager.io - prune: - kinds: - - kind: ConfigMap - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - kind: Service - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - kind: ServiceAccount - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: admissionregistration.k8s.io - kind: MutatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: admissionregistration.k8s.io - kind: ValidatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: apps - kind: DaemonSet - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: apps - kind: Deployment - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: apps - kind: StatefulSet - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: policy - kind: PodDisruptionBudget - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: ClusterRole - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: ClusterRoleBinding - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: Role - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: rbac.authorization.k8s.io - kind: RoleBinding - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - selector: null - version: 9.99.0 - - id: k8s-1.11 - manifest: node-termination-handler.aws/k8s-1.11.yaml - manifestHash: 09840259d2fc87e0f9704d14df71a803b21e5f9a65017929f4721eb191b53f70 - name: node-termination-handler.aws - prune: - kinds: - - kind: ConfigMap - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - kind: Service - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - kind: ServiceAccount - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: admissionregistration.k8s.io - kind: MutatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: admissionregistration.k8s.io - kind: ValidatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: apps - kind: DaemonSet - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: apps - kind: Deployment - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: apps - kind: StatefulSet - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: policy - kind: PodDisruptionBudget - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: rbac.authorization.k8s.io - kind: ClusterRole - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: ClusterRoleBinding - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: Role - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: RoleBinding - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - selector: - k8s-addon: node-termination-handler.aws - version: 9.99.0 - - id: k8s-1.19 - manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml - manifestHash: f32c0c5f258e9fb26f8a69b7a2e9ece3738d737552e774d8d84896dcab323782 - name: aws-load-balancer-controller.addons.k8s.io - needsPKI: true - selector: - k8s-addon: aws-load-balancer-controller.addons.k8s.io - version: 9.99.0 - - id: v1.15.0 - manifest: storage-aws.addons.k8s.io/v1.15.0.yaml - manifestHash: 4e2cda50cd5048133aad1b5e28becb60f4629d3f9e09c514a2757c27998b4200 - name: storage-aws.addons.k8s.io - selector: - k8s-addon: storage-aws.addons.k8s.io - version: 9.99.0 - - id: k8s-1.16 - manifest: networking.amazon-vpc-routed-eni/k8s-1.16.yaml - manifestHash: f7c29b8c7ecc81826fbb05c53bc443f4e387a0e1dd375b9dbdd71de95674a479 - name: networking.amazon-vpc-routed-eni - needsRollingUpdate: all - selector: - role.kubernetes.io/networking: "1" - version: 9.99.0 - - id: k8s-1.18 - manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 7093e19e27c166399f105077b4d58889f16c4a3f4f6d4e675bfa7b66120336cb - name: aws-cloud-controller.addons.k8s.io - selector: - k8s-addon: aws-cloud-controller.addons.k8s.io - version: 9.99.0 - - id: k8s-1.17 - manifest: aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml - manifestHash: db7ca215ecd9c12f6f746b37865600f8130ef9844faf7bad48ba8e661fd83ee7 - name: aws-ebs-csi-driver.addons.k8s.io - selector: - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - version: 9.99.0 - - id: k8s-1.20 - manifest: snapshot-controller.addons.k8s.io/k8s-1.20.yaml - manifestHash: 06a1cffd153dc7f8cf75853da3683d3a68b55411883d84b9bebf049fc746b980 - name: snapshot-controller.addons.k8s.io - needsPKI: true - selector: - k8s-addon: snapshot-controller.addons.k8s.io - version: 9.99.0 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content deleted file mode 100644 index aa9800e409..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content +++ /dev/null @@ -1,10095 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: certificaterequests.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: CertificateRequest - listKind: CertificateRequestList - plural: certificaterequests - shortNames: - - cr - - crs - singular: certificaterequest - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Approved")].status - name: Approved - type: string - - jsonPath: .status.conditions[?(@.type=="Denied")].status - name: Denied - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - type: string - - jsonPath: .spec.username - name: Requestor - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: "A CertificateRequest is used to request a signed certificate - from one of the configured issuers. \n All fields within the CertificateRequest's - `spec` are immutable after creation. A CertificateRequest will either succeed - or fail, as denoted by its `status.state` field. \n A CertificateRequest - is a one-shot resource, meaning it represents a single point in time request - for a certificate and cannot be re-used." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the CertificateRequest resource. - properties: - duration: - description: The requested 'duration' (i.e. lifetime) of the Certificate. - This option may be ignored/overridden by some issuer types. - type: string - extra: - additionalProperties: - items: - type: string - type: array - description: Extra contains extra attributes of the user that created - the CertificateRequest. Populated by the cert-manager webhook on - creation and immutable. - type: object - groups: - description: Groups contains group membership of the user that created - the CertificateRequest. Populated by the cert-manager webhook on - creation and immutable. - items: - type: string - type: array - x-kubernetes-list-type: atomic - isCA: - description: IsCA will request to mark the certificate as valid for - certificate signing when submitting to the issuer. This will automatically - add the `cert sign` usage to the list of `usages`. - type: boolean - issuerRef: - description: IssuerRef is a reference to the issuer for this CertificateRequest. If - the `kind` field is not set, or set to `Issuer`, an Issuer resource - with the given name in the same namespace as the CertificateRequest - will be used. If the `kind` field is set to `ClusterIssuer`, a - ClusterIssuer with the provided name will be used. The `name` field - in this stanza is required at all times. The group field refers - to the API group of the issuer which defaults to `cert-manager.io` - if empty. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - request: - description: The PEM-encoded x509 certificate signing request to be - submitted to the CA for signing. - format: byte - type: string - uid: - description: UID contains the uid of the user that created the CertificateRequest. - Populated by the cert-manager webhook on creation and immutable. - type: string - usages: - description: Usages is the set of x509 usages that are requested for - the certificate. If usages are set they SHOULD be encoded inside - the CSR spec Defaults to `digital signature` and `key encipherment` - if not specified. - items: - description: "KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 - \n Valid KeyUsage values are as follows: \"signing\", \"digital - signature\", \"content commitment\", \"key encipherment\", \"key - agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", - \"encipher only\", \"decipher only\", \"any\", \"server auth\", - \"client auth\", \"code signing\", \"email protection\", \"s/mime\", - \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", - \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" - enum: - - signing - - digital signature - - content commitment - - key encipherment - - key agreement - - data encipherment - - cert sign - - crl sign - - encipher only - - decipher only - - any - - server auth - - client auth - - code signing - - email protection - - s/mime - - ipsec end system - - ipsec tunnel - - ipsec user - - timestamping - - ocsp signing - - microsoft sgc - - netscape sgc - type: string - type: array - username: - description: Username contains the name of the user that created the - CertificateRequest. Populated by the cert-manager webhook on creation - and immutable. - type: string - required: - - issuerRef - - request - type: object - status: - description: Status of the CertificateRequest. This is set and managed - automatically. - properties: - ca: - description: The PEM encoded x509 certificate of the signer, also - known as the CA (Certificate Authority). This is set on a best-effort - basis by different issuers. If not set, the CA is assumed to be - unknown/not available. - format: byte - type: string - certificate: - description: The PEM encoded x509 certificate resulting from the certificate - signing request. If not set, the CertificateRequest has either not - been completed or has failed. More information on failure can be - found by checking the `conditions` field. - format: byte - type: string - conditions: - description: List of status conditions to indicate the status of a - CertificateRequest. Known condition types are `Ready` and `InvalidRequest`. - items: - description: CertificateRequestCondition contains condition information - for a CertificateRequest. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`, - `InvalidRequest`, `Approved`, `Denied`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - failureTime: - description: FailureTime stores the time that this CertificateRequest - failed. This is used to influence garbage collection and back-off. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: certificates.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: Certificate - listKind: CertificateList - plural: certificates - shortNames: - - cert - - certs - singular: certificate - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .spec.secretName - name: Secret - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: "A Certificate resource should be created to ensure an up to - date and signed x509 certificate is stored in the Kubernetes Secret resource - named in `spec.secretName`. \n The stored certificate will be renewed before - it expires (as configured by `spec.renewBefore`)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the Certificate resource. - properties: - additionalOutputFormats: - description: AdditionalOutputFormats defines extra output formats - of the private key and signed certificate chain to be written to - this Certificate's target Secret. This is an Alpha Feature and is - only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` - option on both the controller and webhook components. - items: - description: CertificateAdditionalOutputFormat defines an additional - output format of a Certificate resource. These contain supplementary - data formats of the signed certificate chain and paired private - key. - properties: - type: - description: Type is the name of the format type that should - be written to the Certificate's target Secret. - enum: - - DER - - CombinedPEM - type: string - required: - - type - type: object - type: array - commonName: - description: 'CommonName is a common name to be used on the Certificate. - The CommonName should have a length of 64 characters or fewer to - avoid generating invalid CSRs. This value is ignored by TLS clients - when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' - type: string - dnsNames: - description: DNSNames is a list of DNS subjectAltNames to be set on - the Certificate. - items: - type: string - type: array - duration: - description: The requested 'duration' (i.e. lifetime) of the Certificate. - This option may be ignored/overridden by some issuer types. If unset - this defaults to 90 days. Certificate will be renewed either 2/3 - through its duration or `renewBefore` period before its expiry, - whichever is later. Minimum accepted duration is 1 hour. Value must - be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration - type: string - emailAddresses: - description: EmailAddresses is a list of email subjectAltNames to - be set on the Certificate. - items: - type: string - type: array - encodeUsagesInRequest: - description: EncodeUsagesInRequest controls whether key usages should - be present in the CertificateRequest - type: boolean - ipAddresses: - description: IPAddresses is a list of IP address subjectAltNames to - be set on the Certificate. - items: - type: string - type: array - isCA: - description: IsCA will mark this Certificate as valid for certificate - signing. This will automatically add the `cert sign` usage to the - list of `usages`. - type: boolean - issuerRef: - description: IssuerRef is a reference to the issuer for this certificate. - If the `kind` field is not set, or set to `Issuer`, an Issuer resource - with the given name in the same namespace as the Certificate will - be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer - with the provided name will be used. The `name` field in this stanza - is required at all times. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - keystores: - description: Keystores configures additional keystore output formats - stored in the `secretName` Secret resource. - properties: - jks: - description: JKS configures options for storing a JKS keystore - in the `spec.secretName` Secret resource. - properties: - create: - description: Create enables JKS keystore creation for the - Certificate. If true, a file named `keystore.jks` will be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef`. The keystore file - will be updated immediately. If the issuer provided a CA - certificate, a file named `truststore.jks` will also be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef` containing the issuing - Certificate Authority - type: boolean - passwordSecretRef: - description: PasswordSecretRef is a reference to a key in - a Secret resource containing the password used to encrypt - the JKS keystore. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - create - - passwordSecretRef - type: object - pkcs12: - description: PKCS12 configures options for storing a PKCS12 keystore - in the `spec.secretName` Secret resource. - properties: - create: - description: Create enables PKCS12 keystore creation for the - Certificate. If true, a file named `keystore.p12` will be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef`. The keystore file - will be updated immediately. If the issuer provided a CA - certificate, a file named `truststore.p12` will also be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef` containing the issuing - Certificate Authority - type: boolean - passwordSecretRef: - description: PasswordSecretRef is a reference to a key in - a Secret resource containing the password used to encrypt - the PKCS12 keystore. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - create - - passwordSecretRef - type: object - type: object - literalSubject: - description: LiteralSubject is an LDAP formatted string that represents - the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). - Use this *instead* of the Subject field if you need to ensure the - correct ordering of the RDN sequence, such as when issuing certs - for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, - https://github.com/cert-manager/cert-manager/issues/4424. This field - is alpha level and is only supported by cert-manager installations - where LiteralCertificateSubject feature gate is enabled on both - cert-manager controller and webhook. - type: string - privateKey: - description: Options to control private keys used for the Certificate. - properties: - algorithm: - description: Algorithm is the private key algorithm of the corresponding - private key for this certificate. If provided, allowed values - are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified - and `size` is not provided, key size of 256 will be used for - `ECDSA` key algorithm and key size of 2048 will be used for - `RSA` key algorithm. key size is ignored when using the `Ed25519` - key algorithm. - enum: - - RSA - - ECDSA - - Ed25519 - type: string - encoding: - description: The private key cryptography standards (PKCS) encoding - for this certificate's private key to be encoded in. If provided, - allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and - PKCS#8, respectively. Defaults to `PKCS1` if not specified. - enum: - - PKCS1 - - PKCS8 - type: string - rotationPolicy: - description: RotationPolicy controls how private keys should be - regenerated when a re-issuance is being processed. If set to - Never, a private key will only be generated if one does not - already exist in the target `spec.secretName`. If one does exists - but it does not have the correct algorithm or size, a warning - will be raised to await user intervention. If set to Always, - a private key matching the specified requirements will be generated - whenever a re-issuance occurs. Default is 'Never' for backward - compatibility. - enum: - - Never - - Always - type: string - size: - description: Size is the key bit size of the corresponding private - key for this certificate. If `algorithm` is set to `RSA`, valid - values are `2048`, `4096` or `8192`, and will default to `2048` - if not specified. If `algorithm` is set to `ECDSA`, valid values - are `256`, `384` or `521`, and will default to `256` if not - specified. If `algorithm` is set to `Ed25519`, Size is ignored. - No other values are allowed. - type: integer - type: object - renewBefore: - description: How long before the currently issued certificate's expiry - cert-manager should renew the certificate. The default is 2/3 of - the issued certificate's duration. Minimum accepted value is 5 minutes. - Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration - type: string - revisionHistoryLimit: - description: revisionHistoryLimit is the maximum number of CertificateRequest - revisions that are maintained in the Certificate's history. Each - revision represents a single `CertificateRequest` created by this - Certificate, either when it was created, renewed, or Spec was changed. - Revisions will be removed by oldest first if the number of revisions - exceeds this number. If set, revisionHistoryLimit must be a value - of `1` or greater. If unset (`nil`), revisions will not be garbage - collected. Default value is `nil`. - format: int32 - type: integer - secretName: - description: SecretName is the name of the secret resource that will - be automatically created and managed by this Certificate resource. - It will be populated with a private key and certificate, signed - by the denoted issuer. - type: string - secretTemplate: - description: SecretTemplate defines annotations and labels to be copied - to the Certificate's Secret. Labels and annotations on the Secret - will be changed as they appear on the SecretTemplate when added - or removed. SecretTemplate annotations are added in conjunction - with, and cannot overwrite, the base set of annotations cert-manager - sets on the Certificate's Secret. - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a key value map to be copied to the - target Kubernetes Secret. - type: object - labels: - additionalProperties: - type: string - description: Labels is a key value map to be copied to the target - Kubernetes Secret. - type: object - type: object - subject: - description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name). - properties: - countries: - description: Countries to be used on the Certificate. - items: - type: string - type: array - localities: - description: Cities to be used on the Certificate. - items: - type: string - type: array - organizationalUnits: - description: Organizational Units to be used on the Certificate. - items: - type: string - type: array - organizations: - description: Organizations to be used on the Certificate. - items: - type: string - type: array - postalCodes: - description: Postal codes to be used on the Certificate. - items: - type: string - type: array - provinces: - description: State/Provinces to be used on the Certificate. - items: - type: string - type: array - serialNumber: - description: Serial number to be used on the Certificate. - type: string - streetAddresses: - description: Street addresses to be used on the Certificate. - items: - type: string - type: array - type: object - uris: - description: URIs is a list of URI subjectAltNames to be set on the - Certificate. - items: - type: string - type: array - usages: - description: Usages is the set of x509 usages that are requested for - the certificate. Defaults to `digital signature` and `key encipherment` - if not specified. - items: - description: "KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 - \n Valid KeyUsage values are as follows: \"signing\", \"digital - signature\", \"content commitment\", \"key encipherment\", \"key - agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", - \"encipher only\", \"decipher only\", \"any\", \"server auth\", - \"client auth\", \"code signing\", \"email protection\", \"s/mime\", - \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", - \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" - enum: - - signing - - digital signature - - content commitment - - key encipherment - - key agreement - - data encipherment - - cert sign - - crl sign - - encipher only - - decipher only - - any - - server auth - - client auth - - code signing - - email protection - - s/mime - - ipsec end system - - ipsec tunnel - - ipsec user - - timestamping - - ocsp signing - - microsoft sgc - - netscape sgc - type: string - type: array - required: - - issuerRef - - secretName - type: object - status: - description: Status of the Certificate. This is set and managed automatically. - properties: - conditions: - description: List of status conditions to indicate the status of certificates. - Known condition types are `Ready` and `Issuing`. - items: - description: CertificateCondition contains condition information - for an Certificate. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the Certificate. - format: int64 - type: integer - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`, - `Issuing`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - failedIssuanceAttempts: - description: The number of continuous failed issuance attempts up - till now. This field gets removed (if set) on a successful issuance - and gets set to 1 if unset and an issuance has failed. If an issuance - has failed, the delay till the next issuance will be calculated - using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). - type: integer - lastFailureTime: - description: LastFailureTime is set only if the lastest issuance for - this Certificate failed and contains the time of the failure. If - an issuance has failed, the delay till the next issuance will be - calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - - 1). If the latest issuance has succeeded this field will be unset. - format: date-time - type: string - nextPrivateKeySecretName: - description: The name of the Secret resource containing the private - key to be used for the next certificate iteration. The keymanager - controller will automatically set this field if the `Issuing` condition - is set to `True`. It will automatically unset this field when the - Issuing condition is not set or False. - type: string - notAfter: - description: The expiration time of the certificate stored in the - secret named by this resource in `spec.secretName`. - format: date-time - type: string - notBefore: - description: The time after which the certificate stored in the secret - named by this resource in spec.secretName is valid. - format: date-time - type: string - renewalTime: - description: RenewalTime is the time at which the certificate will - be next renewed. If not set, no upcoming renewal is scheduled. - format: date-time - type: string - revision: - description: "The current 'revision' of the certificate as issued. - \n When a CertificateRequest resource is created, it will have the - `cert-manager.io/certificate-revision` set to one greater than the - current value of this field. \n Upon issuance, this field will be - set to the value of the annotation on the CertificateRequest resource - used to issue the certificate. \n Persisting the value on the CertificateRequest - resource allows the certificates controller to know whether a request - is part of an old issuance or if it is part of the ongoing revision's - issuance by checking if the revision value in the annotation is - greater than this field." - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: challenges.acme.cert-manager.io -spec: - group: acme.cert-manager.io - names: - categories: - - cert-manager - - cert-manager-acme - kind: Challenge - listKind: ChallengeList - plural: challenges - singular: challenge - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .spec.dnsName - name: Domain - type: string - - jsonPath: .status.reason - name: Reason - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Challenge is a type to represent a Challenge request with an - ACME server - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - authorizationURL: - description: The URL to the ACME Authorization resource that this - challenge is a part of. - type: string - dnsName: - description: dnsName is the identifier that this challenge is for, - e.g. example.com. If the requested DNSName is a 'wildcard', this - field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, - it must be `example.com`. - type: string - issuerRef: - description: References a properly configured ACME-type Issuer which - should be used to create this Challenge. If the Issuer does not - exist, processing will be retried. If the Issuer is not an 'ACME' - Issuer, an error will be returned and the Challenge will be marked - as failed. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - key: - description: 'The ACME challenge key for this challenge For HTTP01 - challenges, this is the value that must be responded with to complete - the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is - the base64 encoded SHA256 sum of the `.` text that must be set as the TXT - record content.' - type: string - solver: - description: Contains the domain solving configuration that should - be used to solve this challenge resource. - properties: - dns01: - description: Configures cert-manager to attempt to complete authorizations - by performing the DNS01 challenge flow. - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) - API to manage DNS01 challenge records. - properties: - accountSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - host: - type: string - required: - - accountSecretRef - - host - type: object - akamai: - description: Use the Akamai DNS zone management API to manage - DNS01 challenge records. - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientSecretSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientTokenSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceConsumerDomain: - type: string - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - type: object - azureDNS: - description: Use the Microsoft Azure DNS API to manage DNS01 - challenge records. - properties: - clientID: - description: if both this and ClientSecret are left unset - MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left unset - MSI will be used - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - environment: - description: name of the Azure environment (default AzurePublicCloud) - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - type: string - hostedZoneName: - description: name of the DNS zone that should be used - type: string - managedIdentity: - description: managed identity configuration, can not be - used at the same time as clientID, clientSecretSecretRef - or tenantID - properties: - clientID: - description: client ID of the managed identity, can - not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, - can not be used at the same time as clientID - type: string - type: object - resourceGroupName: - description: resource group the DNS zone is located in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret - then this field is also needed - type: string - required: - - resourceGroupName - - subscriptionID - type: object - cloudDNS: - description: Use the Google Cloud DNS API to manage DNS01 - challenge records. - properties: - hostedZoneName: - description: HostedZoneName is an optional field that - tells cert-manager in which Cloud DNS zone the challenge - record has to be created. If left empty cert-manager - will automatically choose a zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - project - type: object - cloudflare: - description: Use the Cloudflare API to manage DNS01 challenge - records. - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. - Note: using an API token to authenticate is now the - recommended method as it allows greater control of permissions.' - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - apiTokenSecretRef: - description: API token used to authenticate with Cloudflare. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - email: - description: Email of the account, only required when - using API key based authentication. - type: string - type: object - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 provider - should handle CNAME records when found in DNS zones. - enum: - - None - - Follow - type: string - digitalocean: - description: Use the DigitalOcean DNS API to manage DNS01 - challenge records. - properties: - tokenSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - tokenSecretRef - type: object - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain Name - System") (https://datatracker.ietf.org/doc/rfc2136/) to - manage DNS01 challenge records. - properties: - nameserver: - description: The IP address or hostname of an authoritative - DNS server supporting RFC2136 in the form host:port. - If the host is an IPv6 address it must be enclosed in - square brackets (e.g [2001:db8::1]) ; port is optional. - This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS - supporting RFC2136. Used only when ``tsigSecretSecretRef`` - and ``tsigKeyName`` are defined. Supported values are - (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, - ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the DNS. - If ``tsigSecretSecretRef`` is defined, this field is - required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the TSIG - value. If ``tsigKeyName`` is defined, this field is - required. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - nameserver - type: object - route53: - description: Use the AWS Route53 API to manage DNS01 challenge - records. - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. - Cannot be set when SecretAccessKeyID is set. If neither - the Access Key nor Key ID are set, we fall-back to using - env vars, shared credentials file or AWS Instance metadata, - see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. - If set, pull the AWS access key ID from a key within - a Kubernetes Secret. Cannot be set when AccessKeyID - is set. If neither the Access Key nor Key ID are set, - we fall-back to using env vars, shared credentials file - or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - hostedZoneID: - description: If set, the provider will manage only this - zone in Route53 and will not do an lookup using the - route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID - and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 provider - will assume using either the explicit credentials AccessKeyID/SecretAccessKey - or the inferred credentials from environment variables, - shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, we fall-back - to using env vars, shared credentials file or AWS Instance - metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - region - type: object - webhook: - description: Configure an external webhook based DNS01 challenge - solver to manage DNS01 challenge records. - properties: - config: - description: Additional configuration that should be passed - to the webhook apiserver when challenges are processed. - This can contain arbitrary JSON data. Secret values - should not be specified in this stanza. If secret values - are needed (e.g. credentials for a DNS service), you - should use a SecretKeySelector to reference a Secret - resource. For details on the schema of this field, consult - the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used when - POSTing ChallengePayload resources to the webhook apiserver. - This should be the same as the GroupName specified in - the webhook provider implementation. - type: string - solverName: - description: The name of the solver to use, as defined - in the webhook provider implementation. This will typically - be the name of the provider, e.g. 'cloudflare'. - type: string - required: - - groupName - - solverName - type: object - type: object - http01: - description: Configures cert-manager to attempt to complete authorizations - by performing the HTTP01 challenge flow. It is not possible - to obtain certificates for wildcard domain names (e.g. `*.example.com`) - using the HTTP01 challenge mechanism. - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community API - that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). - The Gateway solver will create HTTPRoutes with the specified - labels in the same namespace as the challenge. This solver - is experimental, and fields / behaviour may change in the - future. - properties: - labels: - additionalProperties: - type: string - description: Custom labels that will be applied to HTTPRoutes - created by cert-manager while solving HTTP-01 challenges. - type: object - parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager - creates an HTTPRoute. cert-manager needs to know which - parentRefs should be used when creating the HTTPRoute. - Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - items: - description: "ParentReference identifies an API object - (usually a Gateway) that can be considered a parent - of this resource (usually a route). The only kind - of parent resource with \"Core\" support is Gateway. - This API may be extended in the future to support - additional kinds of parent resources, such as HTTPRoute. - \n The API object must be valid in the cluster; the - Group and Kind must be registered in the cluster for - this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. - When unspecified, \"gateway.networking.k8s.io\" - is inferred. To set the core API group (such as - for a \"Service\" kind referent), Group must be - explicitly set to \"\" (empty string). \n Support: - Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. \n Support: - Core (Gateway) \n Support: Implementation-specific - (Other Resources)" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of the - referent. When unspecified, this refers to the - local namespace of the Route. \n Note that there - are specific rules for ParentRefs which cross - namespace boundaries. Cross-namespace references - are only valid if they are explicitly allowed - by something in the namespace they are referring - to. For example: Gateway has the AllowedRoutes - field, and ReferenceGrant provides a generic way - to enable any other kind of cross-namespace reference. - \n Support: Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this Route - targets. It can be interpreted differently based - on the type of parent resource. \n When the parent - resource is a Gateway, this targets all listeners - listening on the specified port that also support - this kind of Route(and select this Route). It's - not recommended to set `Port` unless the networking - behaviors specified in a Route must apply to a - specific port as opposed to a listener(s) whose - port(s) may be changed. When both Port and SectionName - are specified, the name and port of the selected - listener must match both specified values. \n - Implementations MAY choose to support other parent - resources. Implementations supporting other types - of parent resources MUST clearly document how/if - Port is interpreted. \n For the purpose of status, - an attachment is considered successful as long - as the parent resource accepts it partially. For - example, Gateway listeners can restrict which - Routes can attach to them by Route kind, namespace, - or hostname. If 1 of 2 Gateway listeners accept - attachment from the referencing Route, the Route - MUST be considered successfully attached. If no - Gateway listeners accept attachment from this - Route, the Route MUST be considered detached from - the Gateway. \n Support: Extended \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a section - within the target resource. In the following resources, - SectionName is interpreted as the following: \n - * Gateway: Listener Name. When both Port (experimental) - and SectionName are specified, the name and port - of the selected listener must match both specified - values. \n Implementations MAY choose to support - attaching Routes to other resources. If that is - the case, they MUST clearly document how SectionName - is interpreted. \n When unspecified (empty string), - this will reference the entire resource. For the - purpose of status, an attachment is considered - successful if at least one section in the parent - resource accepts it. For example, Gateway listeners - can restrict which Routes can attach to them by - Route kind, namespace, or hostname. If 1 of 2 - Gateway listeners accept attachment from the referencing - Route, the Route MUST be considered successfully - attached. If no Gateway listeners accept attachment - from this Route, the Route MUST be considered - detached from the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - type: array - serviceType: - description: Optional service type for Kubernetes solver - service. Supported values are NodePort or ClusterIP. - If unset, defaults to NodePort. - type: string - type: object - ingress: - description: The ingress based HTTP01 challenge solver will - solve challenges by creating or modifying Ingress resources - in order to route requests for '/.well-known/acme-challenge/XYZ' - to 'challenge solver' pods that are provisioned by cert-manager - for each Challenge to be completed. - properties: - class: - description: This field configures the annotation `kubernetes.io/ingress.class` - when creating Ingress resources to solve ACME challenges - that use this challenge solver. Only one of `class`, - `name` or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` - on the created Ingress resources used to solve ACME - challenges that use this challenge solver. This is the - recommended way of configuring the ingress class. Only - one of `class`, `name` or `ingressClassName` may be - specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure - the ACME challenge solver ingress used for HTTP01 challenges. - properties: - metadata: - description: ObjectMeta overrides for the ingress - used to solve HTTP01 challenges. Only the 'labels' - and 'annotations' fields may be set. If labels or - annotations overlap with in-built values, the values - here will override the in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be added - to the created ACME HTTP01 solver ingress. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added to the - created ACME HTTP01 solver ingress. - type: object - type: object - type: object - name: - description: The name of the ingress resource that should - have ACME challenge solving routes inserted into it - in order to solve HTTP01 challenges. This is typically - used in conjunction with ingress controllers like ingress-gce, - which maintains a 1:1 mapping between external IPs and - ingress resources. Only one of `class`, `name` or `ingressClassName` - may be specified. - type: string - podTemplate: - description: Optional pod template used to configure the - ACME challenge solver pods used for HTTP01 challenges. - properties: - metadata: - description: ObjectMeta overrides for the pod used - to solve HTTP01 challenges. Only the 'labels' and - 'annotations' fields may be set. If labels or annotations - overlap with in-built values, the values here will - override the in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be added - to the create ACME HTTP01 solver pods. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added to the - created ACME HTTP01 solver pods. - type: object - type: object - spec: - description: PodSpec defines overrides for the HTTP01 - challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec - to find out currently supported fields. All other - fields will be ignored. - properties: - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified by - this field, but it may choose a node - that violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by - iterating through the elements of this - field and adding "weight" to the sum - if the node matches the corresponding - matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, - associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node - selector requirements by node's - labels. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by node's - fields. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the affinity - requirements specified by this field - cease to be met at some point during - pod execution (e.g. due to an update), - the system may or may not try to eventually - evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node - selector terms. The terms are ORed. - items: - description: A null or empty node - selector term matches no objects. - The requirements of them are ANDed. - The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node - selector requirements by node's - labels. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by node's - fields. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified by - this field, but it may choose a node - that violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by - iterating through the elements of this - field and adding "weight" to the sum - if the node has pods which matches the - corresponding podAffinityTerm; the node(s) - with the highest sum are the most preferred. - items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the affinity - requirements specified by this field - cease to be met at some point during - pod execution (e.g. due to a pod label - update), the system may or may not try - to eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value of - the label with key matches - that of any node on which a pod of - the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this case - pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is applied - to the union of the namespaces - selected by this field and the - ones listed in the namespaces - field. null selector and null - or empty namespaces list means - "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union of - the namespaces listed in this - field and the ones selected by - namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching the labelSelector in - the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose a node - that violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by - iterating through the elements of this - field and adding "weight" to the sum - if the node has pods which matches the - corresponding podAffinityTerm; the node(s) - with the highest sum are the most preferred. - items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity - requirements specified by this field - cease to be met at some point during - pod execution (e.g. due to a pod label - update), the system may or may not try - to eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value of - the label with key matches - that of any node on which a pod of - the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this case - pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is applied - to the union of the namespaces - selected by this field and the - ones listed in the namespaces - field. null selector and null - or empty namespaces list means - "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union of - the namespaces listed in this - field and the ones selected by - namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching the labelSelector in - the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - items: - description: LocalObjectReference contains enough - information to let you locate the referenced - object inside the same namespace. - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. Selector - which must match a node''s labels for the pod - to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator - . - properties: - effect: - description: Effect indicates the taint - effect to match. Empty means match all - taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the - toleration applies to. Empty means match - all taint keys. If the key is empty, operator - must be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration (which - must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. - By default, it is not set, which means - tolerate the taint forever (do not evict). - Zero and negative values will be treated - as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the - toleration matches to. If the operator - is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - serviceType: - description: Optional service type for Kubernetes solver - service. Supported values are NodePort or ClusterIP. - If unset, defaults to NodePort. - type: string - type: object - type: object - selector: - description: Selector selects a set of DNSNames on the Certificate - resource that should be solved using this challenge solver. - If not specified, the solver will be treated as the 'default' - solver with the lowest priority, i.e. if any other solver has - a more specific match, it will be used instead. - properties: - dnsNames: - description: List of DNSNames that this solver will be used - to solve. If specified and a match is found, a dnsNames - selector will take precedence over a dnsZones selector. - If multiple solvers match with the same dnsNames value, - the solver with the most matching labels in matchLabels - will be selected. If neither has more matches, the solver - defined earlier in the list will be selected. - items: - type: string - type: array - dnsZones: - description: List of DNSZones that this solver will be used - to solve. The most specific DNS zone match specified here - will take precedence over other DNS zone matches, so a solver - specifying sys.example.com will be selected over one specifying - example.com for the domain www.sys.example.com. If multiple - solvers match with the same dnsZones value, the solver with - the most matching labels in matchLabels will be selected. - If neither has more matches, the solver defined earlier - in the list will be selected. - items: - type: string - type: array - matchLabels: - additionalProperties: - type: string - description: A label selector that is used to refine the set - of certificate's that this challenge solver will apply to. - type: object - type: object - type: object - token: - description: The ACME challenge token for this challenge. This is - the raw value returned from the ACME server. - type: string - type: - description: The type of ACME challenge this resource represents. - One of "HTTP-01" or "DNS-01". - enum: - - HTTP-01 - - DNS-01 - type: string - url: - description: The URL of the ACME Challenge resource for this challenge. - This can be used to lookup details about the status of this challenge. - type: string - wildcard: - description: wildcard will be true if this challenge is for a wildcard - identifier, for example '*.example.com'. - type: boolean - required: - - authorizationURL - - dnsName - - issuerRef - - key - - solver - - token - - type - - url - type: object - status: - properties: - presented: - description: presented will be set to true if the challenge values - for this challenge are currently 'presented'. This *does not* imply - the self check is passing. Only that the values have been 'submitted' - for the appropriate challenge mechanism (i.e. the DNS01 TXT record - has been presented, or the HTTP01 configuration has been configured). - type: boolean - processing: - description: Used to denote whether this challenge should be processed - or not. This field will only be set to true by the 'scheduling' - component. It will only be set to false by the 'challenges' controller, - after the challenge has reached a final state or timed out. If this - field is set to false, the challenge controller will not take any - more action. - type: boolean - reason: - description: Contains human readable information on why the Challenge - is in the current state. - type: string - state: - description: Contains the current 'state' of the challenge. If not - set, the state of the challenge is unknown. - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - type: string - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: clusterissuers.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: ClusterIssuer - listKind: ClusterIssuerList - plural: clusterissuers - singular: clusterissuer - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: A ClusterIssuer represents a certificate issuing authority which - can be referenced as part of `issuerRef` fields. It is similar to an Issuer, - however it is cluster-scoped and therefore can be referenced by resources - that exist in *any* namespace, not just the same namespace as the referent. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the ClusterIssuer resource. - properties: - acme: - description: ACME configures this issuer to communicate with a RFC8555 - (ACME) server to obtain signed x509 certificates. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which can be used - to validate the certificate chain presented by the ACME server. - Mutually exclusive with SkipTLSVerify; prefer using CABundle - to prevent various kinds of security vulnerabilities. If CABundle - and SkipTLSVerify are unset, the system certificate bundle inside - the container is used to validate the TLS connection. - format: byte - type: string - disableAccountKeyGeneration: - description: Enables or disables generating a new ACME account - key. If true, the Issuer resource will *not* request a new account - but will expect the account key to be supplied via an existing - secret. If false, the cert-manager system will generate a new - ACME account key for the Issuer. Defaults to false. - type: boolean - email: - description: Email is the email address to be associated with - the ACME account. This field is optional, but it is strongly - recommended to be set. It will be used to contact you in case - of issues with your account or certificates, including expiry - notification emails. This field may be updated after the account - is initially registered. - type: string - enableDurationFeature: - description: Enables requesting a Not After date on certificates - that matches the duration of the certificate. This is not supported - by all ACME servers like Let's Encrypt. If set to true when - the ACME server does not support it it will create an error - on the Order. Defaults to false. - type: boolean - externalAccountBinding: - description: ExternalAccountBinding is a reference to a CA external - account of the ACME server. If set, upon registration cert-manager - will attempt to associate the given external account credentials - with the registered ACME account. - properties: - keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical - compatibility reasons and should not be used. The algorithm - is now hardcoded to HS256 in golang/x/crypto/acme.' - enum: - - HS256 - - HS384 - - HS512 - type: string - keyID: - description: keyID is the ID of the CA key that the External - Account is bound to. - type: string - keySecretRef: - description: keySecretRef is a Secret Key Selector referencing - a data item in a Kubernetes Secret which holds the symmetric - MAC key of the External Account Binding. The `key` is the - index string that is paired with the key data in the Secret - and should not be confused with the key data itself, or - indeed with the External Account Binding keyID above. The - secret key stored in the Secret **must** be un-padded, base64 - URL encoded data. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - keyID - - keySecretRef - type: object - preferredChain: - description: 'PreferredChain is the chain to use if the ACME server - outputs multiple. PreferredChain is no guarantee that this one - gets delivered by the ACME endpoint. For example, for Let''s - Encrypt''s DST crosssign you would use: "DST Root CA X3" or - "ISRG Root X1" for the newer Let''s Encrypt root CA. This value - picks the first certificate bundle in the ACME alternative chains - that has a certificate with this value as its issuer''s CN' - maxLength: 64 - type: string - privateKeySecretRef: - description: PrivateKey is the name of a Kubernetes Secret resource - that will be used to store the automatically generated ACME - account private key. Optionally, a `key` may be specified to - select a specific entry within the named Secret resource. If - `key` is not specified, a default of `tls.key` will be used. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - server: - description: 'Server is the URL used to access the ACME server''s - ''directory'' endpoint. For example, for Let''s Encrypt''s staging - endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". - Only ACME v2 endpoints (i.e. RFC 8555) are supported.' - type: string - skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the - ACME server TLS certificate. If true, requests to the ACME server - will not have the TLS certificate chain validated. Mutually - exclusive with CABundle; prefer using CABundle to prevent various - kinds of security vulnerabilities. Only enable this option in - development environments. If CABundle and SkipTLSVerify are - unset, the system certificate bundle inside the container is - used to validate the TLS connection. Defaults to false.' - type: boolean - solvers: - description: 'Solvers is a list of challenge solvers that will - be used to solve ACME challenges for the matching domains. Solver - configurations must be provided in order to obtain certificates - from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' - items: - description: An ACMEChallengeSolver describes how to solve ACME - challenges for the issuer it is part of. A selector may be - provided to use different solving strategies for different - DNS names. Only one of HTTP01 or DNS01 must be provided. - properties: - dns01: - description: Configures cert-manager to attempt to complete - authorizations by performing the DNS01 challenge flow. - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) - API to manage DNS01 challenge records. - properties: - accountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - host: - type: string - required: - - accountSecretRef - - host - type: object - akamai: - description: Use the Akamai DNS zone management API - to manage DNS01 challenge records. - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientSecretSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceConsumerDomain: - type: string - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - type: object - azureDNS: - description: Use the Microsoft Azure DNS API to manage - DNS01 challenge records. - properties: - clientID: - description: if both this and ClientSecret are left - unset MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left - unset MSI will be used - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - environment: - description: name of the Azure environment (default - AzurePublicCloud) - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - type: string - hostedZoneName: - description: name of the DNS zone that should be - used - type: string - managedIdentity: - description: managed identity configuration, can - not be used at the same time as clientID, clientSecretSecretRef - or tenantID - properties: - clientID: - description: client ID of the managed identity, - can not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, - can not be used at the same time as clientID - type: string - type: object - resourceGroupName: - description: resource group the DNS zone is located - in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret - then this field is also needed - type: string - required: - - resourceGroupName - - subscriptionID - type: object - cloudDNS: - description: Use the Google Cloud DNS API to manage - DNS01 challenge records. - properties: - hostedZoneName: - description: HostedZoneName is an optional field - that tells cert-manager in which Cloud DNS zone - the challenge record has to be created. If left - empty cert-manager will automatically choose a - zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - project - type: object - cloudflare: - description: Use the Cloudflare API to manage DNS01 - challenge records. - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with - Cloudflare. Note: using an API token to authenticate - is now the recommended method as it allows greater - control of permissions.' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - apiTokenSecretRef: - description: API token used to authenticate with - Cloudflare. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - email: - description: Email of the account, only required - when using API key based authentication. - type: string - type: object - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 - provider should handle CNAME records when found in - DNS zones. - enum: - - None - - Follow - type: string - digitalocean: - description: Use the DigitalOcean DNS API to manage - DNS01 challenge records. - properties: - tokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - tokenSecretRef - type: object - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain - Name System") (https://datatracker.ietf.org/doc/rfc2136/) - to manage DNS01 challenge records. - properties: - nameserver: - description: The IP address or hostname of an authoritative - DNS server supporting RFC2136 in the form host:port. - If the host is an IPv6 address it must be enclosed - in square brackets (e.g [2001:db8::1]) ; port - is optional. This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the - DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` - and ``tsigKeyName`` are defined. Supported values - are (case-insensitive): ``HMACMD5`` (default), - ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the - DNS. If ``tsigSecretSecretRef`` is defined, this - field is required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the - TSIG value. If ``tsigKeyName`` is defined, this - field is required. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - nameserver - type: object - route53: - description: Use the AWS Route53 API to manage DNS01 - challenge records. - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. - Cannot be set when SecretAccessKeyID is set. If - neither the Access Key nor Key ID are set, we - fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. - If set, pull the AWS access key ID from a key - within a Kubernetes Secret. Cannot be set when - AccessKeyID is set. If neither the Access Key - nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance - metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - hostedZoneID: - description: If set, the provider will manage only - this zone in Route53 and will not do an lookup - using the route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID - and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 - provider will assume using either the explicit - credentials AccessKeyID/SecretAccessKey or the - inferred credentials from environment variables, - shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, - we fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - region - type: object - webhook: - description: Configure an external webhook based DNS01 - challenge solver to manage DNS01 challenge records. - properties: - config: - description: Additional configuration that should - be passed to the webhook apiserver when challenges - are processed. This can contain arbitrary JSON - data. Secret values should not be specified in - this stanza. If secret values are needed (e.g. - credentials for a DNS service), you should use - a SecretKeySelector to reference a Secret resource. - For details on the schema of this field, consult - the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used - when POSTing ChallengePayload resources to the - webhook apiserver. This should be the same as - the GroupName specified in the webhook provider - implementation. - type: string - solverName: - description: The name of the solver to use, as defined - in the webhook provider implementation. This will - typically be the name of the provider, e.g. 'cloudflare'. - type: string - required: - - groupName - - solverName - type: object - type: object - http01: - description: Configures cert-manager to attempt to complete - authorizations by performing the HTTP01 challenge flow. - It is not possible to obtain certificates for wildcard - domain names (e.g. `*.example.com`) using the HTTP01 challenge - mechanism. - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community - API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). - The Gateway solver will create HTTPRoutes with the - specified labels in the same namespace as the challenge. - This solver is experimental, and fields / behaviour - may change in the future. - properties: - labels: - additionalProperties: - type: string - description: Custom labels that will be applied - to HTTPRoutes created by cert-manager while solving - HTTP-01 challenges. - type: object - parentRefs: - description: 'When solving an HTTP-01 challenge, - cert-manager creates an HTTPRoute. cert-manager - needs to know which parentRefs should be used - when creating the HTTPRoute. Usually, the parentRef - references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - items: - description: "ParentReference identifies an API - object (usually a Gateway) that can be considered - a parent of this resource (usually a route). - The only kind of parent resource with \"Core\" - support is Gateway. This API may be extended - in the future to support additional kinds of - parent resources, such as HTTPRoute. \n The - API object must be valid in the cluster; the - Group and Kind must be registered in the cluster - for this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. - When unspecified, \"gateway.networking.k8s.io\" - is inferred. To set the core API group (such - as for a \"Service\" kind referent), Group - must be explicitly set to \"\" (empty string). - \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. - \n Support: Core (Gateway) \n Support: Implementation-specific - (Other Resources)" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of - the referent. When unspecified, this refers - to the local namespace of the Route. \n - Note that there are specific rules for ParentRefs - which cross namespace boundaries. Cross-namespace - references are only valid if they are explicitly - allowed by something in the namespace they - are referring to. For example: Gateway has - the AllowedRoutes field, and ReferenceGrant - provides a generic way to enable any other - kind of cross-namespace reference. \n Support: - Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this - Route targets. It can be interpreted differently - based on the type of parent resource. \n - When the parent resource is a Gateway, this - targets all listeners listening on the specified - port that also support this kind of Route(and - select this Route). It's not recommended - to set `Port` unless the networking behaviors - specified in a Route must apply to a specific - port as opposed to a listener(s) whose port(s) - may be changed. When both Port and SectionName - are specified, the name and port of the - selected listener must match both specified - values. \n Implementations MAY choose to - support other parent resources. Implementations - supporting other types of parent resources - MUST clearly document how/if Port is interpreted. - \n For the purpose of status, an attachment - is considered successful as long as the - parent resource accepts it partially. For - example, Gateway listeners can restrict - which Routes can attach to them by Route - kind, namespace, or hostname. If 1 of 2 - Gateway listeners accept attachment from - the referencing Route, the Route MUST be - considered successfully attached. If no - Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Extended - \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a - section within the target resource. In the - following resources, SectionName is interpreted - as the following: \n * Gateway: Listener - Name. When both Port (experimental) and - SectionName are specified, the name and - port of the selected listener must match - both specified values. \n Implementations - MAY choose to support attaching Routes to - other resources. If that is the case, they - MUST clearly document how SectionName is - interpreted. \n When unspecified (empty - string), this will reference the entire - resource. For the purpose of status, an - attachment is considered successful if at - least one section in the parent resource - accepts it. For example, Gateway listeners - can restrict which Routes can attach to - them by Route kind, namespace, or hostname. - If 1 of 2 Gateway listeners accept attachment - from the referencing Route, the Route MUST - be considered successfully attached. If - no Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - type: array - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - ingress: - description: The ingress based HTTP01 challenge solver - will solve challenges by creating or modifying Ingress - resources in order to route requests for '/.well-known/acme-challenge/XYZ' - to 'challenge solver' pods that are provisioned by - cert-manager for each Challenge to be completed. - properties: - class: - description: This field configures the annotation - `kubernetes.io/ingress.class` when creating Ingress - resources to solve ACME challenges that use this - challenge solver. Only one of `class`, `name` - or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` - on the created Ingress resources used to solve - ACME challenges that use this challenge solver. - This is the recommended way of configuring the - ingress class. Only one of `class`, `name` or - `ingressClassName` may be specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure - the ACME challenge solver ingress used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the ingress - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the created ACME HTTP01 solver - ingress. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver ingress. - type: object - type: object - type: object - name: - description: The name of the ingress resource that - should have ACME challenge solving routes inserted - into it in order to solve HTTP01 challenges. This - is typically used in conjunction with ingress - controllers like ingress-gce, which maintains - a 1:1 mapping between external IPs and ingress - resources. Only one of `class`, `name` or `ingressClassName` - may be specified. - type: string - podTemplate: - description: Optional pod template used to configure - the ACME challenge solver pods used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the pod - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the create ACME HTTP01 solver - pods. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver pods. - type: object - type: object - spec: - description: PodSpec defines overrides for the - HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec - to find out currently supported fields. All - other fields will be ignored. - properties: - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service - account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . - properties: - effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - type: object - type: array - type: object - type: object - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - type: object - selector: - description: Selector selects a set of DNSNames on the Certificate - resource that should be solved using this challenge solver. - If not specified, the solver will be treated as the 'default' - solver with the lowest priority, i.e. if any other solver - has a more specific match, it will be used instead. - properties: - dnsNames: - description: List of DNSNames that this solver will - be used to solve. If specified and a match is found, - a dnsNames selector will take precedence over a dnsZones - selector. If multiple solvers match with the same - dnsNames value, the solver with the most matching - labels in matchLabels will be selected. If neither - has more matches, the solver defined earlier in the - list will be selected. - items: - type: string - type: array - dnsZones: - description: List of DNSZones that this solver will - be used to solve. The most specific DNS zone match - specified here will take precedence over other DNS - zone matches, so a solver specifying sys.example.com - will be selected over one specifying example.com for - the domain www.sys.example.com. If multiple solvers - match with the same dnsZones value, the solver with - the most matching labels in matchLabels will be selected. - If neither has more matches, the solver defined earlier - in the list will be selected. - items: - type: string - type: array - matchLabels: - additionalProperties: - type: string - description: A label selector that is used to refine - the set of certificate's that this challenge solver - will apply to. - type: object - type: object - type: object - type: array - required: - - privateKeySecretRef - - server - type: object - ca: - description: CA configures this issuer to sign certificates using - a signing CA keypair stored in a Secret resource. This is used to - build internal PKIs that are managed by cert-manager. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set, - certificates will be issued without distribution points set. - items: - type: string - type: array - ocspServers: - description: The OCSP server list is an X.509 v3 extension that - defines a list of URLs of OCSP responders. The OCSP responders - can be queried for the revocation status of an issued certificate. - If not set, the certificate will be issued with no OCSP servers - set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to sign - Certificates issued by this Issuer. - type: string - required: - - secretName - type: object - selfSigned: - description: SelfSigned configures this issuer to 'self sign' certificates - using the private key used to create the CertificateRequest object. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set - certificate will be issued without CDP. Values are strings. - items: - type: string - type: array - type: object - vault: - description: Vault configures this issuer to sign certificates using - a HashiCorp Vault PKI backend. - properties: - auth: - description: Auth configures how cert-manager authenticates with - the Vault server. - properties: - appRole: - description: AppRole authenticates with Vault using the App - Role auth mechanism, with the role and secret stored in - a Kubernetes Secret resource. - properties: - path: - description: 'Path where the App Role authentication backend - is mounted in Vault, e.g: "approle"' - type: string - roleId: - description: RoleID configured in the App Role authentication - backend when setting up the authentication backend in - Vault. - type: string - secretRef: - description: Reference to a key in a Secret that contains - the App Role secret used to authenticate with Vault. - The `key` field must be specified and denotes which - entry within the Secret resource is used as the app - role secret. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - path - - roleId - - secretRef - type: object - kubernetes: - description: Kubernetes authenticates with Vault by passing - the ServiceAccount token stored in the named Secret resource - to the Vault server. - properties: - mountPath: - description: The Vault mountPath here is the mount path - to use when authenticating with Vault. For example, - setting a value to `/v1/auth/foo`, will use the path - `/v1/auth/foo/login` to authenticate with Vault. If - unspecified, the default value "/v1/auth/kubernetes" - will be used. - type: string - role: - description: A required field containing the Vault Role - to assume. A Role binds a Kubernetes ServiceAccount - with a set of Vault policies. - type: string - secretRef: - description: The required Secret field containing a Kubernetes - ServiceAccount JWT used for authenticating with Vault. - Use of 'ambient credentials' is not supported. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceAccountRef: - description: A reference to a service account that will - be used to request a bound token (also known as "projected - token"). Compared to using "secretRef", using this field - means that you don't rely on statically bound tokens. - To use this field, you must configure an RBAC rule to - let cert-manager request a token. - properties: - name: - description: Name of the ServiceAccount used to request - a token. - type: string - required: - - name - type: object - required: - - role - type: object - tokenSecretRef: - description: TokenSecretRef authenticates with Vault by presenting - a token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - type: object - caBundle: - description: Base64-encoded bundle of PEM CAs which will be used - to validate the certificate chain presented by Vault. Only used - if using HTTPS to connect to Vault and ignored for HTTP connections. - Mutually exclusive with CABundleSecretRef. If neither CABundle - nor CABundleSecretRef are defined, the certificate bundle in - the cert-manager controller container is used to validate the - TLS connection. - format: byte - type: string - caBundleSecretRef: - description: Reference to a Secret containing a bundle of PEM-encoded - CAs to use when verifying the certificate chain presented by - Vault when using HTTPS. Mutually exclusive with CABundle. If - neither CABundle nor CABundleSecretRef are defined, the certificate - bundle in the cert-manager controller container is used to validate - the TLS connection. If no key for the Secret is specified, cert-manager - will default to 'ca.crt'. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - namespace: - description: 'Name of the vault namespace. Namespaces is a set - of features within Vault Enterprise that allows Vault environments - to support Secure Multi-tenancy. e.g: "ns1" More about namespaces - can be found here https://www.vaultproject.io/docs/enterprise/namespaces' - type: string - path: - description: 'Path is the mount path of the Vault PKI backend''s - `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".' - type: string - server: - description: 'Server is the connection address for the Vault server, - e.g: "https://vault.example.com:8200".' - type: string - required: - - auth - - path - - server - type: object - venafi: - description: Venafi configures this issuer to sign certificates using - a Venafi TPP or Venafi Cloud policy zone. - properties: - cloud: - description: Cloud specifies the Venafi cloud configuration settings. - Only one of TPP or Cloud may be specified. - properties: - apiTokenSecretRef: - description: APITokenSecretRef is a secret key selector for - the Venafi Cloud API token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: URL is the base URL for Venafi Cloud. Defaults - to "https://api.venafi.cloud/v1". - type: string - required: - - apiTokenSecretRef - type: object - tpp: - description: TPP specifies Trust Protection Platform configuration - settings. Only one of TPP or Cloud may be specified. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which will be - used to validate the certificate chain presented by the - TPP server. Only used if using HTTPS; ignored for HTTP. - If undefined, the certificate bundle in the cert-manager - controller container is used to validate the chain. - format: byte - type: string - credentialsRef: - description: CredentialsRef is a reference to a Secret containing - the username and password for the TPP server. The secret - must contain two keys, 'username' and 'password'. - properties: - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: 'URL is the base URL for the vedsdk endpoint - of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' - type: string - required: - - credentialsRef - - url - type: object - zone: - description: Zone is the Venafi Policy Zone to use for this issuer. - All requests made to the Venafi platform will be restricted - by the named zone policy. This field is required. - type: string - required: - - zone - type: object - type: object - status: - description: Status of the ClusterIssuer. This is set and managed automatically. - properties: - acme: - description: ACME specific status options. This field should only - be set if the Issuer is configured to use an ACME server to issue - certificates. - properties: - lastPrivateKeyHash: - description: LastPrivateKeyHash is a hash of the private key associated - with the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - lastRegisteredEmail: - description: LastRegisteredEmail is the email associated with - the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - uri: - description: URI is the unique account identifier, which can also - be used to retrieve account details from the CA - type: string - type: object - conditions: - description: List of status conditions to indicate the status of a - CertificateRequest. Known condition types are `Ready`. - items: - description: IssuerCondition contains condition information for - an Issuer. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the Issuer. - format: int64 - type: integer - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: issuers.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: Issuer - listKind: IssuerList - plural: issuers - singular: issuer - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: An Issuer represents a certificate issuing authority which can - be referenced as part of `issuerRef` fields. It is scoped to a single namespace - and can therefore only be referenced by resources within the same namespace. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the Issuer resource. - properties: - acme: - description: ACME configures this issuer to communicate with a RFC8555 - (ACME) server to obtain signed x509 certificates. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which can be used - to validate the certificate chain presented by the ACME server. - Mutually exclusive with SkipTLSVerify; prefer using CABundle - to prevent various kinds of security vulnerabilities. If CABundle - and SkipTLSVerify are unset, the system certificate bundle inside - the container is used to validate the TLS connection. - format: byte - type: string - disableAccountKeyGeneration: - description: Enables or disables generating a new ACME account - key. If true, the Issuer resource will *not* request a new account - but will expect the account key to be supplied via an existing - secret. If false, the cert-manager system will generate a new - ACME account key for the Issuer. Defaults to false. - type: boolean - email: - description: Email is the email address to be associated with - the ACME account. This field is optional, but it is strongly - recommended to be set. It will be used to contact you in case - of issues with your account or certificates, including expiry - notification emails. This field may be updated after the account - is initially registered. - type: string - enableDurationFeature: - description: Enables requesting a Not After date on certificates - that matches the duration of the certificate. This is not supported - by all ACME servers like Let's Encrypt. If set to true when - the ACME server does not support it it will create an error - on the Order. Defaults to false. - type: boolean - externalAccountBinding: - description: ExternalAccountBinding is a reference to a CA external - account of the ACME server. If set, upon registration cert-manager - will attempt to associate the given external account credentials - with the registered ACME account. - properties: - keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical - compatibility reasons and should not be used. The algorithm - is now hardcoded to HS256 in golang/x/crypto/acme.' - enum: - - HS256 - - HS384 - - HS512 - type: string - keyID: - description: keyID is the ID of the CA key that the External - Account is bound to. - type: string - keySecretRef: - description: keySecretRef is a Secret Key Selector referencing - a data item in a Kubernetes Secret which holds the symmetric - MAC key of the External Account Binding. The `key` is the - index string that is paired with the key data in the Secret - and should not be confused with the key data itself, or - indeed with the External Account Binding keyID above. The - secret key stored in the Secret **must** be un-padded, base64 - URL encoded data. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - keyID - - keySecretRef - type: object - preferredChain: - description: 'PreferredChain is the chain to use if the ACME server - outputs multiple. PreferredChain is no guarantee that this one - gets delivered by the ACME endpoint. For example, for Let''s - Encrypt''s DST crosssign you would use: "DST Root CA X3" or - "ISRG Root X1" for the newer Let''s Encrypt root CA. This value - picks the first certificate bundle in the ACME alternative chains - that has a certificate with this value as its issuer''s CN' - maxLength: 64 - type: string - privateKeySecretRef: - description: PrivateKey is the name of a Kubernetes Secret resource - that will be used to store the automatically generated ACME - account private key. Optionally, a `key` may be specified to - select a specific entry within the named Secret resource. If - `key` is not specified, a default of `tls.key` will be used. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - server: - description: 'Server is the URL used to access the ACME server''s - ''directory'' endpoint. For example, for Let''s Encrypt''s staging - endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". - Only ACME v2 endpoints (i.e. RFC 8555) are supported.' - type: string - skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the - ACME server TLS certificate. If true, requests to the ACME server - will not have the TLS certificate chain validated. Mutually - exclusive with CABundle; prefer using CABundle to prevent various - kinds of security vulnerabilities. Only enable this option in - development environments. If CABundle and SkipTLSVerify are - unset, the system certificate bundle inside the container is - used to validate the TLS connection. Defaults to false.' - type: boolean - solvers: - description: 'Solvers is a list of challenge solvers that will - be used to solve ACME challenges for the matching domains. Solver - configurations must be provided in order to obtain certificates - from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' - items: - description: An ACMEChallengeSolver describes how to solve ACME - challenges for the issuer it is part of. A selector may be - provided to use different solving strategies for different - DNS names. Only one of HTTP01 or DNS01 must be provided. - properties: - dns01: - description: Configures cert-manager to attempt to complete - authorizations by performing the DNS01 challenge flow. - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) - API to manage DNS01 challenge records. - properties: - accountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - host: - type: string - required: - - accountSecretRef - - host - type: object - akamai: - description: Use the Akamai DNS zone management API - to manage DNS01 challenge records. - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientSecretSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceConsumerDomain: - type: string - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - type: object - azureDNS: - description: Use the Microsoft Azure DNS API to manage - DNS01 challenge records. - properties: - clientID: - description: if both this and ClientSecret are left - unset MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left - unset MSI will be used - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - environment: - description: name of the Azure environment (default - AzurePublicCloud) - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - type: string - hostedZoneName: - description: name of the DNS zone that should be - used - type: string - managedIdentity: - description: managed identity configuration, can - not be used at the same time as clientID, clientSecretSecretRef - or tenantID - properties: - clientID: - description: client ID of the managed identity, - can not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, - can not be used at the same time as clientID - type: string - type: object - resourceGroupName: - description: resource group the DNS zone is located - in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret - then this field is also needed - type: string - required: - - resourceGroupName - - subscriptionID - type: object - cloudDNS: - description: Use the Google Cloud DNS API to manage - DNS01 challenge records. - properties: - hostedZoneName: - description: HostedZoneName is an optional field - that tells cert-manager in which Cloud DNS zone - the challenge record has to be created. If left - empty cert-manager will automatically choose a - zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - project - type: object - cloudflare: - description: Use the Cloudflare API to manage DNS01 - challenge records. - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with - Cloudflare. Note: using an API token to authenticate - is now the recommended method as it allows greater - control of permissions.' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - apiTokenSecretRef: - description: API token used to authenticate with - Cloudflare. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - email: - description: Email of the account, only required - when using API key based authentication. - type: string - type: object - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 - provider should handle CNAME records when found in - DNS zones. - enum: - - None - - Follow - type: string - digitalocean: - description: Use the DigitalOcean DNS API to manage - DNS01 challenge records. - properties: - tokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - tokenSecretRef - type: object - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain - Name System") (https://datatracker.ietf.org/doc/rfc2136/) - to manage DNS01 challenge records. - properties: - nameserver: - description: The IP address or hostname of an authoritative - DNS server supporting RFC2136 in the form host:port. - If the host is an IPv6 address it must be enclosed - in square brackets (e.g [2001:db8::1]) ; port - is optional. This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the - DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` - and ``tsigKeyName`` are defined. Supported values - are (case-insensitive): ``HMACMD5`` (default), - ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the - DNS. If ``tsigSecretSecretRef`` is defined, this - field is required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the - TSIG value. If ``tsigKeyName`` is defined, this - field is required. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - nameserver - type: object - route53: - description: Use the AWS Route53 API to manage DNS01 - challenge records. - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. - Cannot be set when SecretAccessKeyID is set. If - neither the Access Key nor Key ID are set, we - fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. - If set, pull the AWS access key ID from a key - within a Kubernetes Secret. Cannot be set when - AccessKeyID is set. If neither the Access Key - nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance - metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - hostedZoneID: - description: If set, the provider will manage only - this zone in Route53 and will not do an lookup - using the route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID - and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 - provider will assume using either the explicit - credentials AccessKeyID/SecretAccessKey or the - inferred credentials from environment variables, - shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, - we fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - region - type: object - webhook: - description: Configure an external webhook based DNS01 - challenge solver to manage DNS01 challenge records. - properties: - config: - description: Additional configuration that should - be passed to the webhook apiserver when challenges - are processed. This can contain arbitrary JSON - data. Secret values should not be specified in - this stanza. If secret values are needed (e.g. - credentials for a DNS service), you should use - a SecretKeySelector to reference a Secret resource. - For details on the schema of this field, consult - the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used - when POSTing ChallengePayload resources to the - webhook apiserver. This should be the same as - the GroupName specified in the webhook provider - implementation. - type: string - solverName: - description: The name of the solver to use, as defined - in the webhook provider implementation. This will - typically be the name of the provider, e.g. 'cloudflare'. - type: string - required: - - groupName - - solverName - type: object - type: object - http01: - description: Configures cert-manager to attempt to complete - authorizations by performing the HTTP01 challenge flow. - It is not possible to obtain certificates for wildcard - domain names (e.g. `*.example.com`) using the HTTP01 challenge - mechanism. - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community - API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). - The Gateway solver will create HTTPRoutes with the - specified labels in the same namespace as the challenge. - This solver is experimental, and fields / behaviour - may change in the future. - properties: - labels: - additionalProperties: - type: string - description: Custom labels that will be applied - to HTTPRoutes created by cert-manager while solving - HTTP-01 challenges. - type: object - parentRefs: - description: 'When solving an HTTP-01 challenge, - cert-manager creates an HTTPRoute. cert-manager - needs to know which parentRefs should be used - when creating the HTTPRoute. Usually, the parentRef - references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - items: - description: "ParentReference identifies an API - object (usually a Gateway) that can be considered - a parent of this resource (usually a route). - The only kind of parent resource with \"Core\" - support is Gateway. This API may be extended - in the future to support additional kinds of - parent resources, such as HTTPRoute. \n The - API object must be valid in the cluster; the - Group and Kind must be registered in the cluster - for this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. - When unspecified, \"gateway.networking.k8s.io\" - is inferred. To set the core API group (such - as for a \"Service\" kind referent), Group - must be explicitly set to \"\" (empty string). - \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. - \n Support: Core (Gateway) \n Support: Implementation-specific - (Other Resources)" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of - the referent. When unspecified, this refers - to the local namespace of the Route. \n - Note that there are specific rules for ParentRefs - which cross namespace boundaries. Cross-namespace - references are only valid if they are explicitly - allowed by something in the namespace they - are referring to. For example: Gateway has - the AllowedRoutes field, and ReferenceGrant - provides a generic way to enable any other - kind of cross-namespace reference. \n Support: - Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this - Route targets. It can be interpreted differently - based on the type of parent resource. \n - When the parent resource is a Gateway, this - targets all listeners listening on the specified - port that also support this kind of Route(and - select this Route). It's not recommended - to set `Port` unless the networking behaviors - specified in a Route must apply to a specific - port as opposed to a listener(s) whose port(s) - may be changed. When both Port and SectionName - are specified, the name and port of the - selected listener must match both specified - values. \n Implementations MAY choose to - support other parent resources. Implementations - supporting other types of parent resources - MUST clearly document how/if Port is interpreted. - \n For the purpose of status, an attachment - is considered successful as long as the - parent resource accepts it partially. For - example, Gateway listeners can restrict - which Routes can attach to them by Route - kind, namespace, or hostname. If 1 of 2 - Gateway listeners accept attachment from - the referencing Route, the Route MUST be - considered successfully attached. If no - Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Extended - \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a - section within the target resource. In the - following resources, SectionName is interpreted - as the following: \n * Gateway: Listener - Name. When both Port (experimental) and - SectionName are specified, the name and - port of the selected listener must match - both specified values. \n Implementations - MAY choose to support attaching Routes to - other resources. If that is the case, they - MUST clearly document how SectionName is - interpreted. \n When unspecified (empty - string), this will reference the entire - resource. For the purpose of status, an - attachment is considered successful if at - least one section in the parent resource - accepts it. For example, Gateway listeners - can restrict which Routes can attach to - them by Route kind, namespace, or hostname. - If 1 of 2 Gateway listeners accept attachment - from the referencing Route, the Route MUST - be considered successfully attached. If - no Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - type: array - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - ingress: - description: The ingress based HTTP01 challenge solver - will solve challenges by creating or modifying Ingress - resources in order to route requests for '/.well-known/acme-challenge/XYZ' - to 'challenge solver' pods that are provisioned by - cert-manager for each Challenge to be completed. - properties: - class: - description: This field configures the annotation - `kubernetes.io/ingress.class` when creating Ingress - resources to solve ACME challenges that use this - challenge solver. Only one of `class`, `name` - or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` - on the created Ingress resources used to solve - ACME challenges that use this challenge solver. - This is the recommended way of configuring the - ingress class. Only one of `class`, `name` or - `ingressClassName` may be specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure - the ACME challenge solver ingress used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the ingress - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the created ACME HTTP01 solver - ingress. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver ingress. - type: object - type: object - type: object - name: - description: The name of the ingress resource that - should have ACME challenge solving routes inserted - into it in order to solve HTTP01 challenges. This - is typically used in conjunction with ingress - controllers like ingress-gce, which maintains - a 1:1 mapping between external IPs and ingress - resources. Only one of `class`, `name` or `ingressClassName` - may be specified. - type: string - podTemplate: - description: Optional pod template used to configure - the ACME challenge solver pods used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the pod - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the create ACME HTTP01 solver - pods. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver pods. - type: object - type: object - spec: - description: PodSpec defines overrides for the - HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec - to find out currently supported fields. All - other fields will be ignored. - properties: - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service - account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . - properties: - effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - type: object - type: array - type: object - type: object - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - type: object - selector: - description: Selector selects a set of DNSNames on the Certificate - resource that should be solved using this challenge solver. - If not specified, the solver will be treated as the 'default' - solver with the lowest priority, i.e. if any other solver - has a more specific match, it will be used instead. - properties: - dnsNames: - description: List of DNSNames that this solver will - be used to solve. If specified and a match is found, - a dnsNames selector will take precedence over a dnsZones - selector. If multiple solvers match with the same - dnsNames value, the solver with the most matching - labels in matchLabels will be selected. If neither - has more matches, the solver defined earlier in the - list will be selected. - items: - type: string - type: array - dnsZones: - description: List of DNSZones that this solver will - be used to solve. The most specific DNS zone match - specified here will take precedence over other DNS - zone matches, so a solver specifying sys.example.com - will be selected over one specifying example.com for - the domain www.sys.example.com. If multiple solvers - match with the same dnsZones value, the solver with - the most matching labels in matchLabels will be selected. - If neither has more matches, the solver defined earlier - in the list will be selected. - items: - type: string - type: array - matchLabels: - additionalProperties: - type: string - description: A label selector that is used to refine - the set of certificate's that this challenge solver - will apply to. - type: object - type: object - type: object - type: array - required: - - privateKeySecretRef - - server - type: object - ca: - description: CA configures this issuer to sign certificates using - a signing CA keypair stored in a Secret resource. This is used to - build internal PKIs that are managed by cert-manager. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set, - certificates will be issued without distribution points set. - items: - type: string - type: array - ocspServers: - description: The OCSP server list is an X.509 v3 extension that - defines a list of URLs of OCSP responders. The OCSP responders - can be queried for the revocation status of an issued certificate. - If not set, the certificate will be issued with no OCSP servers - set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to sign - Certificates issued by this Issuer. - type: string - required: - - secretName - type: object - selfSigned: - description: SelfSigned configures this issuer to 'self sign' certificates - using the private key used to create the CertificateRequest object. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set - certificate will be issued without CDP. Values are strings. - items: - type: string - type: array - type: object - vault: - description: Vault configures this issuer to sign certificates using - a HashiCorp Vault PKI backend. - properties: - auth: - description: Auth configures how cert-manager authenticates with - the Vault server. - properties: - appRole: - description: AppRole authenticates with Vault using the App - Role auth mechanism, with the role and secret stored in - a Kubernetes Secret resource. - properties: - path: - description: 'Path where the App Role authentication backend - is mounted in Vault, e.g: "approle"' - type: string - roleId: - description: RoleID configured in the App Role authentication - backend when setting up the authentication backend in - Vault. - type: string - secretRef: - description: Reference to a key in a Secret that contains - the App Role secret used to authenticate with Vault. - The `key` field must be specified and denotes which - entry within the Secret resource is used as the app - role secret. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - path - - roleId - - secretRef - type: object - kubernetes: - description: Kubernetes authenticates with Vault by passing - the ServiceAccount token stored in the named Secret resource - to the Vault server. - properties: - mountPath: - description: The Vault mountPath here is the mount path - to use when authenticating with Vault. For example, - setting a value to `/v1/auth/foo`, will use the path - `/v1/auth/foo/login` to authenticate with Vault. If - unspecified, the default value "/v1/auth/kubernetes" - will be used. - type: string - role: - description: A required field containing the Vault Role - to assume. A Role binds a Kubernetes ServiceAccount - with a set of Vault policies. - type: string - secretRef: - description: The required Secret field containing a Kubernetes - ServiceAccount JWT used for authenticating with Vault. - Use of 'ambient credentials' is not supported. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceAccountRef: - description: A reference to a service account that will - be used to request a bound token (also known as "projected - token"). Compared to using "secretRef", using this field - means that you don't rely on statically bound tokens. - To use this field, you must configure an RBAC rule to - let cert-manager request a token. - properties: - name: - description: Name of the ServiceAccount used to request - a token. - type: string - required: - - name - type: object - required: - - role - type: object - tokenSecretRef: - description: TokenSecretRef authenticates with Vault by presenting - a token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - type: object - caBundle: - description: Base64-encoded bundle of PEM CAs which will be used - to validate the certificate chain presented by Vault. Only used - if using HTTPS to connect to Vault and ignored for HTTP connections. - Mutually exclusive with CABundleSecretRef. If neither CABundle - nor CABundleSecretRef are defined, the certificate bundle in - the cert-manager controller container is used to validate the - TLS connection. - format: byte - type: string - caBundleSecretRef: - description: Reference to a Secret containing a bundle of PEM-encoded - CAs to use when verifying the certificate chain presented by - Vault when using HTTPS. Mutually exclusive with CABundle. If - neither CABundle nor CABundleSecretRef are defined, the certificate - bundle in the cert-manager controller container is used to validate - the TLS connection. If no key for the Secret is specified, cert-manager - will default to 'ca.crt'. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - namespace: - description: 'Name of the vault namespace. Namespaces is a set - of features within Vault Enterprise that allows Vault environments - to support Secure Multi-tenancy. e.g: "ns1" More about namespaces - can be found here https://www.vaultproject.io/docs/enterprise/namespaces' - type: string - path: - description: 'Path is the mount path of the Vault PKI backend''s - `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".' - type: string - server: - description: 'Server is the connection address for the Vault server, - e.g: "https://vault.example.com:8200".' - type: string - required: - - auth - - path - - server - type: object - venafi: - description: Venafi configures this issuer to sign certificates using - a Venafi TPP or Venafi Cloud policy zone. - properties: - cloud: - description: Cloud specifies the Venafi cloud configuration settings. - Only one of TPP or Cloud may be specified. - properties: - apiTokenSecretRef: - description: APITokenSecretRef is a secret key selector for - the Venafi Cloud API token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: URL is the base URL for Venafi Cloud. Defaults - to "https://api.venafi.cloud/v1". - type: string - required: - - apiTokenSecretRef - type: object - tpp: - description: TPP specifies Trust Protection Platform configuration - settings. Only one of TPP or Cloud may be specified. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which will be - used to validate the certificate chain presented by the - TPP server. Only used if using HTTPS; ignored for HTTP. - If undefined, the certificate bundle in the cert-manager - controller container is used to validate the chain. - format: byte - type: string - credentialsRef: - description: CredentialsRef is a reference to a Secret containing - the username and password for the TPP server. The secret - must contain two keys, 'username' and 'password'. - properties: - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: 'URL is the base URL for the vedsdk endpoint - of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' - type: string - required: - - credentialsRef - - url - type: object - zone: - description: Zone is the Venafi Policy Zone to use for this issuer. - All requests made to the Venafi platform will be restricted - by the named zone policy. This field is required. - type: string - required: - - zone - type: object - type: object - status: - description: Status of the Issuer. This is set and managed automatically. - properties: - acme: - description: ACME specific status options. This field should only - be set if the Issuer is configured to use an ACME server to issue - certificates. - properties: - lastPrivateKeyHash: - description: LastPrivateKeyHash is a hash of the private key associated - with the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - lastRegisteredEmail: - description: LastRegisteredEmail is the email associated with - the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - uri: - description: URI is the unique account identifier, which can also - be used to retrieve account details from the CA - type: string - type: object - conditions: - description: List of status conditions to indicate the status of a - CertificateRequest. Known condition types are `Ready`. - items: - description: IssuerCondition contains condition information for - an Issuer. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the Issuer. - format: int64 - type: integer - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: orders.acme.cert-manager.io -spec: - group: acme.cert-manager.io - names: - categories: - - cert-manager - - cert-manager-acme - kind: Order - listKind: OrderList - plural: orders - singular: order - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - priority: 1 - type: string - - jsonPath: .status.reason - name: Reason - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Order is a type to represent an Order with an ACME server - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - commonName: - description: CommonName is the common name as specified on the DER - encoded CSR. If specified, this value must also be present in `dnsNames` - or `ipAddresses`. This field must match the corresponding field - on the DER encoded CSR. - type: string - dnsNames: - description: DNSNames is a list of DNS names that should be included - as part of the Order validation process. This field must match the - corresponding field on the DER encoded CSR. - items: - type: string - type: array - duration: - description: Duration is the duration for the not after date for the - requested certificate. this is set on order creation as pe the ACME - spec. - type: string - ipAddresses: - description: IPAddresses is a list of IP addresses that should be - included as part of the Order validation process. This field must - match the corresponding field on the DER encoded CSR. - items: - type: string - type: array - issuerRef: - description: IssuerRef references a properly configured ACME-type - Issuer which should be used to create this Order. If the Issuer - does not exist, processing will be retried. If the Issuer is not - an 'ACME' Issuer, an error will be returned and the Order will be - marked as failed. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - request: - description: Certificate signing request bytes in DER encoding. This - will be used when finalizing the order. This field must be set on - the order. - format: byte - type: string - required: - - issuerRef - - request - type: object - status: - properties: - authorizations: - description: Authorizations contains data returned from the ACME server - on what authorizations must be completed in order to validate the - DNS names specified on the Order. - items: - description: ACMEAuthorization contains data returned from the ACME - server on an authorization that must be completed in order validate - a DNS name on an ACME Order resource. - properties: - challenges: - description: Challenges specifies the challenge types offered - by the ACME server. One of these challenge types will be selected - when validating the DNS name and an appropriate Challenge - resource will be created to perform the ACME challenge process. - items: - description: Challenge specifies a challenge offered by the - ACME server for an Order. An appropriate Challenge resource - can be created to perform the ACME challenge process. - properties: - token: - description: Token is the token that must be presented - for this challenge. This is used to compute the 'key' - that must also be presented. - type: string - type: - description: Type is the type of challenge being offered, - e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is - the raw value retrieved from the ACME server. Only 'http-01' - and 'dns-01' are supported by cert-manager, other values - will be ignored. - type: string - url: - description: URL is the URL of this challenge. It can - be used to retrieve additional metadata about the Challenge - from the ACME server. - type: string - required: - - token - - type - - url - type: object - type: array - identifier: - description: Identifier is the DNS name to be validated as part - of this authorization - type: string - initialState: - description: InitialState is the initial state of the ACME authorization - when first fetched from the ACME server. If an Authorization - is already 'valid', the Order controller will not create a - Challenge resource for the authorization. This will occur - when working with an ACME server that enables 'authz reuse' - (such as Let's Encrypt's production endpoint). If not set - and 'identifier' is set, the state is assumed to be pending - and a Challenge will be created. - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - type: string - url: - description: URL is the URL of the Authorization that must be - completed - type: string - wildcard: - description: Wildcard will be true if this authorization is - for a wildcard DNS name. If this is true, the identifier will - be the *non-wildcard* version of the DNS name. For example, - if '*.example.com' is the DNS name being validated, this field - will be 'true' and the 'identifier' field will be 'example.com'. - type: boolean - required: - - url - type: object - type: array - certificate: - description: Certificate is a copy of the PEM encoded certificate - for this Order. This field will be populated after the order has - been successfully finalized with the ACME server, and the order - has transitioned to the 'valid' state. - format: byte - type: string - failureTime: - description: FailureTime stores the time that this order failed. This - is used to influence garbage collection and back-off. - format: date-time - type: string - finalizeURL: - description: FinalizeURL of the Order. This is used to obtain certificates - for this order once it has been completed. - type: string - reason: - description: Reason optionally provides more information about a why - the order is in the current state. - type: string - state: - description: State contains the current state of this Order resource. - States 'success' and 'expired' are 'final' - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - type: string - url: - description: URL of the Order. This will initially be empty when the - resource is first created. The Order controller will populate this - field when the Order is first processed. This field will be immutable - after it is initially set. - type: string - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector - namespace: kube-system - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager - namespace: kube-system - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: v1 -data: null -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - get - - create - - update - - patch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-issuers -rules: -- apiGroups: - - cert-manager.io - resources: - - issuers - - issuers/status - verbs: - - update - - patch -- apiGroups: - - cert-manager.io - resources: - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-clusterissuers -rules: -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - - clusterissuers/status - verbs: - - update - - patch -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificates -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificates/status - - certificaterequests - - certificaterequests/status - verbs: - - update - - patch -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - clusterissuers - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - cert-manager.io - resources: - - certificates/finalizers - - certificaterequests/finalizers - verbs: - - update -- apiGroups: - - acme.cert-manager.io - resources: - - orders - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-orders -rules: -- apiGroups: - - acme.cert-manager.io - resources: - - orders - - orders/status - verbs: - - update - - patch -- apiGroups: - - acme.cert-manager.io - resources: - - orders - - challenges - verbs: - - get - - list - - watch -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - create - - delete -- apiGroups: - - acme.cert-manager.io - resources: - - orders/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-challenges -rules: -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - challenges/status - verbs: - - update - - patch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - get - - list - - watch -- apiGroups: - - cert-manager.io - resources: - - issuers - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - pods - - services - verbs: - - get - - list - - watch - - create - - delete -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - create - - delete - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - get - - list - - watch - - create - - delete - - update -- apiGroups: - - route.openshift.io - resources: - - routes/custom-host - verbs: - - create -- apiGroups: - - acme.cert-manager.io - resources: - - challenges/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-ingress-shim -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - verbs: - - create - - update - - delete -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - issuers - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/finalizers - verbs: - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - - httproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/finalizers - - httproutes/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: cert-manager-view -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: cert-manager-edit -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - issuers - verbs: - - create - - delete - - deletecollection - - patch - - update -- apiGroups: - - cert-manager.io - resources: - - certificates/status - verbs: - - update -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - create - - delete - - deletecollection - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-approve:cert-manager-io -rules: -- apiGroups: - - cert-manager.io - resourceNames: - - issuers.cert-manager.io/* - - clusterissuers.cert-manager.io/* - resources: - - signers - verbs: - - approve - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificatesigningrequests -rules: -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - watch - - update -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/status - verbs: - - update - - patch -- apiGroups: - - certificates.k8s.io - resourceNames: - - issuers.cert-manager.io/* - - clusterissuers.cert-manager.io/* - resources: - - signers - verbs: - - sign -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:subjectaccessreviews -rules: -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-cainjector -subjects: -- kind: ServiceAccount - name: cert-manager-cainjector - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-issuers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-issuers -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-clusterissuers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-clusterissuers -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificates -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-certificates -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-orders -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-orders -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-challenges -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-challenges -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-ingress-shim -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-ingress-shim -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-approve:cert-manager-io -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-approve:cert-manager-io -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificatesigningrequests -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-certificatesigningrequests -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:subjectaccessreviews -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-webhook:subjectaccessreviews -subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector:leaderelection - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - leases - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager:leaderelection - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-controller - resources: - - leases - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:dynamic-serving - namespace: kube-system -rules: -- apiGroups: - - "" - resourceNames: - - cert-manager-webhook-ca - resources: - - secrets - verbs: - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector:leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager-cainjector:leaderelection -subjects: -- kind: ServiceAccount - name: cert-manager-cainjector - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager:leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager:leaderelection -subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:dynamic-serving - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager-webhook:dynamic-serving -subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager - namespace: kube-system -spec: - ports: - - name: tcp-prometheus-servicemonitor - port: 9402 - protocol: TCP - targetPort: 9402 - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cert-manager - type: ClusterIP - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system -spec: - ports: - - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: webhook - type: ClusterIP - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cainjector - template: - metadata: - creationTimestamp: null - labels: - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --v=2 - - --leader-election-namespace=kube-system - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.12.10 - imagePullPolicy: IfNotPresent - name: cert-manager-cainjector - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - nodeSelector: null - priorityClassName: system-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: cert-manager-cainjector - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cert-manager - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "9402" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.12.10 - - --max-concurrent-challenges=60 - - --enable-certificate-owner-ref=true - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.12.10 - imagePullPolicy: IfNotPresent - name: cert-manager-controller - ports: - - containerPort: 9402 - name: http-metrics - protocol: TCP - - containerPort: 9403 - name: http-healthz - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - nodeSelector: null - priorityClassName: system-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: cert-manager - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: webhook - template: - metadata: - creationTimestamp: null - labels: - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=cert-manager-webhook - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.12.10 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /livez - port: 6080 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: cert-manager-webhook - ports: - - containerPort: 10250 - name: https - protocol: TCP - - containerPort: 6080 - name: healthcheck - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 6080 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - nodeSelector: null - priorityClassName: system-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: cert-manager-webhook - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: cert-manager-webhook - namespace: kube-system - path: /mutate - failurePolicy: Fail - matchPolicy: Equivalent - name: webhook.cert-manager.io - rules: - - apiGroups: - - cert-manager.io - - acme.cert-manager.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - '*/*' - sideEffects: None - timeoutSeconds: 10 - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: cert-manager-webhook - namespace: kube-system - path: /validate - failurePolicy: Fail - matchPolicy: Equivalent - name: webhook.cert-manager.io - namespaceSelector: - matchExpressions: - - key: cert-manager.io/disable-validation - operator: NotIn - values: - - "true" - rules: - - apiGroups: - - cert-manager.io - - acme.cert-manager.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - '*/*' - sideEffects: None - timeoutSeconds: 10 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content deleted file mode 100644 index 2f1927d79e..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ /dev/null @@ -1,399 +0,0 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - k8s-app: cluster-autoscaler - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler -rules: -- apiGroups: - - "" - resources: - - events - - endpoints - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -- apiGroups: - - "" - resources: - - pods/status - verbs: - - update -- apiGroups: - - "" - resourceNames: - - cluster-autoscaler - resources: - - endpoints - verbs: - - get - - update -- apiGroups: - - "" - resources: - - nodes - verbs: - - watch - - list - - get - - update -- apiGroups: - - "" - resources: - - namespaces - - pods - - services - - replicationcontrollers - - persistentvolumeclaims - - persistentvolumes - verbs: - - watch - - list - - get -- apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - watch - - list - - get -- apiGroups: - - batch - - extensions - resources: - - jobs - verbs: - - get - - list - - patch - - watch -- apiGroups: - - extensions - resources: - - replicasets - - daemonsets - verbs: - - watch - - list - - get -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - watch - - list -- apiGroups: - - apps - resources: - - daemonsets - - replicasets - - statefulsets - verbs: - - watch - - list - - get -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - - csinodes - - csidrivers - - csistoragecapacities - verbs: - - watch - - list - - get -- apiGroups: - - "" - resources: - - configmaps - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - cluster-autoscaler - resources: - - leases - verbs: - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-autoscaler -subjects: -- kind: ServiceAccount - name: cluster-autoscaler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - "" - resourceNames: - - cluster-autoscaler-status - resources: - - configmaps - verbs: - - delete - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cluster-autoscaler -subjects: -- kind: ServiceAccount - name: cluster-autoscaler - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -spec: - ports: - - name: http - port: 8085 - protocol: TCP - targetPort: 8085 - selector: - app.kubernetes.io/name: cluster-autoscaler - type: ClusterIP - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app: cluster-autoscaler - template: - metadata: - annotations: - prometheus.io/port: "8085" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app: cluster-autoscaler - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: node-role.kubernetes.io/spot-worker - operator: DoesNotExist - weight: 1 - containers: - - command: - - ./cluster-autoscaler - - --balance-similar-node-groups=false - - --emit-per-nodegroup-metrics=false - - --cloud-provider=aws - - --aws-use-static-instance-list=false - - --expander=random - - --nodes=2:2:nodes.minimal.example.com - - --ignore-daemonsets-utilization=false - - --scale-down-utilization-threshold=0.5 - - --skip-nodes-with-local-storage=true - - --skip-nodes-with-system-pods=true - - --scale-down-delay-after-add=10m0s - - --scale-down-unneeded-time=10m0s - - --scale-down-unready-time=20m0s - - --new-pod-scale-up-delay=0s - - --max-node-provision-time=15m0s - - --cordon-node-before-terminating=true - - --logtostderr=true - - --stderrthreshold=info - - --v=4 - env: - - name: AWS_REGION - value: us-test-1 - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/cluster-autoscaler.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.25.3 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /health-check - port: http - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: cluster-autoscaler - ports: - - containerPort: 8085 - name: http - protocol: TCP - resources: - requests: - cpu: 100m - memory: 300Mi - volumeMounts: - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - dnsPolicy: ClusterFirst - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 10001 - serviceAccountName: cluster-autoscaler - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: cluster-autoscaler - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: cluster-autoscaler - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content deleted file mode 100644 index 94e92cc18b..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content +++ /dev/null @@ -1,155 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - k8s-app: dns-controller - version: v1.31.0-beta.1 - name: dns-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: dns-controller - strategy: - type: Recreate - template: - metadata: - creationTimestamp: null - labels: - k8s-addon: dns-controller.addons.k8s.io - k8s-app: dns-controller - kops.k8s.io/managed-by: kops - version: v1.31.0-beta.1 - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --watch-ingress=false - - --dns=aws-route53 - - --zone=*/Z1AFAKE1ZON3YO - - --internal-ipv4 - - --zone=*/* - - -v=2 - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/dns-controller.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/kops/dns-controller:1.31.0-beta.1 - name: dns-controller - resources: - requests: - cpu: 50m - memory: 50Mi - securityContext: - runAsNonRoot: true - volumeMounts: - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - dnsPolicy: Default - hostNetwork: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 10001 - serviceAccount: dns-controller - tolerations: - - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists - - key: node.kubernetes.io/not-ready - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - volumes: - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: dns-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: kops:dns-controller -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - ingress - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: kops:dns-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kops:dns-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:dns-controller diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content deleted file mode 100644 index 907342d510..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ /dev/null @@ -1,225 +0,0 @@ -apiVersion: v1 -data: - config.yaml: | - {"clusterName":"minimal.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/minimal.example.com","secretStore":"memfs://clusters.example.com/minimal.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.minimal.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}} -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - k8s-app: kops-controller - version: v1.31.0-beta.1 - name: kops-controller - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: kops-controller - template: - metadata: - annotations: - dns.alpha.kubernetes.io/internal: kops-controller.internal.minimal.example.com - creationTimestamp: null - labels: - k8s-addon: kops-controller.addons.k8s.io - k8s-app: kops-controller - kops.k8s.io/managed-by: kops - version: v1.31.0-beta.1 - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: kops.k8s.io/kops-controller-pki - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - - key: kops.k8s.io/kops-controller-pki - operator: Exists - containers: - - args: - - --v=2 - - --conf=/etc/kubernetes/kops-controller/config/config.yaml - command: null - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 - name: kops-controller - resources: - requests: - cpu: 50m - memory: 50Mi - securityContext: - runAsNonRoot: true - runAsUser: 10011 - volumeMounts: - - mountPath: /etc/kubernetes/kops-controller/config/ - name: kops-controller-config - - mountPath: /etc/kubernetes/kops-controller/pki/ - name: kops-controller-pki - dnsPolicy: Default - hostNetwork: true - nodeSelector: null - priorityClassName: system-cluster-critical - serviceAccount: kops-controller - tolerations: - - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists - - key: node.kubernetes.io/not-ready - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - volumes: - - configMap: - name: kops-controller - name: kops-controller-config - - hostPath: - path: /etc/kubernetes/kops-controller/ - type: Directory - name: kops-controller-pki - updateStrategy: - type: OnDelete - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kops-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:kops-controller - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create -- apiGroups: - - "" - - coordination.k8s.io - resourceNames: - - kops-controller-leader - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - patch - - update - - delete -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kops-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:kops-controller diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content deleted file mode 100644 index 658d9975d5..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ /dev/null @@ -1,276 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: system:aggregated-metrics-reader -rules: -- apiGroups: - - metrics.k8s.io - resources: - - pods - - nodes - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: system:metrics-server -rules: -- apiGroups: - - "" - resources: - - nodes/metrics - verbs: - - get -- apiGroups: - - "" - resources: - - pods - - nodes - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server-auth-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server:system:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: system:metrics-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:metrics-server -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system -spec: - ports: - - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - k8s-app: metrics-server - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - k8s-app: metrics-server - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metrics-server - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --secure-port=4443 - - --kubelet-use-node-status-port - - --metric-resolution=15s - - --kubelet-preferred-address-types=Hostname - - --cert-dir=/tmp - - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /livez - port: https - scheme: HTTPS - periodSeconds: 10 - name: metrics-server - ports: - - containerPort: 4443 - name: https - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: https - scheme: HTTPS - initialDelaySeconds: 20 - periodSeconds: 10 - resources: - requests: - cpu: 100m - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: tmp-dir - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: metrics-server - topologySpreadConstraints: - - labelSelector: - matchLabels: - k8s-app: metrics-server - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - k8s-app: metrics-server - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - emptyDir: {} - name: tmp-dir - ---- - -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: v1beta1.metrics.k8s.io -spec: - group: metrics.k8s.io - groupPriorityMinimum: 100 - insecureSkipTLSVerify: true - service: - name: metrics-server - namespace: kube-system - version: v1beta1 - versionPriority: 100 - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system -spec: - minAvailable: 1 - selector: - matchLabels: - k8s-app: metrics-server diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content deleted file mode 100644 index d0a993d01a..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content +++ /dev/null @@ -1,682 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/managed-by: kops - role.kubernetes.io/networking: "1" - name: eniconfigs.crd.k8s.amazonaws.com -spec: - group: crd.k8s.amazonaws.com - names: - kind: ENIConfig - plural: eniconfigs - singular: eniconfig - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ENIConfig is the Schema for the eniconfigs API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ENIConfigSpec defines the desired state of ENIConfig - properties: - securityGroups: - items: - type: string - type: array - subnet: - type: string - required: - - subnet - type: object - status: - description: ENIConfigStatus defines the observed state of ENIConfig - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: amazon-network-policy-controller-k8s - role.kubernetes.io/networking: "1" - name: policyendpoints.networking.k8s.aws -spec: - group: networking.k8s.aws - names: - kind: PolicyEndpoint - listKind: PolicyEndpointList - plural: policyendpoints - singular: policyendpoint - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: PolicyEndpoint is the Schema for the policyendpoints API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PolicyEndpointSpec defines the desired state of PolicyEndpoint - properties: - egress: - description: Egress is the list of egress rules containing resolved - network addresses - items: - description: EndpointInfo defines the network endpoint information - for the policy ingress/egress - properties: - cidr: - description: CIDR is the network address(s) of the endpoint - type: string - except: - description: Except is the exceptions to the CIDR ranges mentioned - above. - items: - type: string - type: array - ports: - description: Ports is the list of ports - items: - description: Port contains information about the transport - port/protocol - properties: - endPort: - description: Endport specifies the port range port to - endPort port must be defined and an integer, endPort - > port - format: int32 - type: integer - port: - description: Port specifies the numerical port for the - protocol. If empty applies to all ports - format: int32 - type: integer - protocol: - default: TCP - description: Protocol specifies the transport protocol, - default TCP - type: string - type: object - type: array - required: - - cidr - type: object - type: array - ingress: - description: Ingress is the list of ingress rules containing resolved - network addresses - items: - description: EndpointInfo defines the network endpoint information - for the policy ingress/egress - properties: - cidr: - description: CIDR is the network address(s) of the endpoint - type: string - except: - description: Except is the exceptions to the CIDR ranges mentioned - above. - items: - type: string - type: array - ports: - description: Ports is the list of ports - items: - description: Port contains information about the transport - port/protocol - properties: - endPort: - description: Endport specifies the port range port to - endPort port must be defined and an integer, endPort - > port - format: int32 - type: integer - port: - description: Port specifies the numerical port for the - protocol. If empty applies to all ports - format: int32 - type: integer - protocol: - default: TCP - description: Protocol specifies the transport protocol, - default TCP - type: string - type: object - type: array - required: - - cidr - type: object - type: array - podIsolation: - description: PodIsolation specifies whether the pod needs to be isolated - for a particular traffic direction Ingress or Egress, or both. If - default isolation is not specified, and there are no ingress/egress - rules, then the pod is not isolated from the point of view of this - policy. This follows the NetworkPolicy spec.PolicyTypes. - items: - description: PolicyType string describes the NetworkPolicy type - This type is beta-level in 1.8 - type: string - type: array - podSelector: - description: PodSelector is the podSelector from the policy resource - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - podSelectorEndpoints: - description: PodSelectorEndpoints contains information about the pods - matching the podSelector - items: - description: PodEndpoint defines the summary information for the - pods - properties: - hostIP: - description: HostIP is the IP address of the host the pod is - currently running on - type: string - name: - description: Name is the pod name - type: string - namespace: - description: Namespace is the pod namespace - type: string - podIP: - description: PodIP is the IP address of the pod - type: string - required: - - hostIP - - name - - namespace - - podIP - type: object - type: array - policyRef: - description: PolicyRef is a reference to the Kubernetes NetworkPolicy - resource. - properties: - name: - description: Name is the name of the Policy - type: string - namespace: - description: Namespace is the namespace of the Policy - type: string - required: - - name - - namespace - type: object - required: - - policyRef - type: object - status: - description: PolicyEndpointStatus defines the observed state of PolicyEndpoint - type: object - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node - namespace: kube-system - ---- - -apiVersion: v1 -data: - branch-eni-cooldown: "60" - enable-network-policy-controller: "false" - enable-windows-ipam: "false" - enable-windows-prefix-delegation: "false" - minimum-ip-target: "3" - warm-ip-target: "1" - warm-prefix-target: "0" -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: amazon-vpc-cni - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.0 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node -rules: -- apiGroups: - - crd.k8s.amazonaws.com - resources: - - eniconfigs - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - namespaces - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch - - get -- apiGroups: - - "" - - events.k8s.io - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - networking.k8s.aws - resources: - - policyendpoints - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.aws - resources: - - policyendpoints/status - verbs: - - get -- apiGroups: - - vpcresources.k8s.aws - resources: - - cninodes - verbs: - - get - - list - - watch - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aws-node -subjects: -- kind: ServiceAccount - name: aws-node - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: aws-node - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/name: aws-node - k8s-app: aws-node - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate - - hybrid - - auto - containers: - - env: - - name: ADDITIONAL_ENI_TAGS - value: '{"KubernetesCluster":"minimal.example.com","kubernetes.io/cluster/minimal.example.com":"owned"}' - - name: AWS_VPC_CNI_NODE_PORT_SUPPORT - value: "true" - - name: AWS_VPC_ENI_MTU - value: "9001" - - name: AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER - value: "false" - - name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG - value: "false" - - name: AWS_VPC_K8S_CNI_EXTERNALSNAT - value: "false" - - name: AWS_VPC_K8S_CNI_LOGLEVEL - value: DEBUG - - name: AWS_VPC_K8S_CNI_LOG_FILE - value: /host/var/log/aws-routed-eni/ipamd.log - - name: AWS_VPC_K8S_CNI_RANDOMIZESNAT - value: prng - - name: AWS_VPC_K8S_CNI_VETHPREFIX - value: eni - - name: AWS_VPC_K8S_PLUGIN_LOG_FILE - value: /var/log/aws-routed-eni/plugin.log - - name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL - value: DEBUG - - name: DISABLE_INTROSPECTION - value: "false" - - name: DISABLE_METRICS - value: "false" - - name: DISABLE_NETWORK_RESOURCE_PROVISIONING - value: "false" - - name: ENABLE_IPv4 - value: "true" - - name: ENABLE_IPv6 - value: "false" - - name: ENABLE_POD_ENI - value: "false" - - name: ENABLE_PREFIX_DELEGATION - value: "false" - - name: ENABLE_SUBNET_DISCOVERY - value: "true" - - name: NETWORK_POLICY_ENFORCING_MODE - value: standard - - name: WARM_ENI_TARGET - value: "1" - - name: WARM_PREFIX_TARGET - value: "1" - - name: VPC_CNI_VERSION - value: v1.19.2 - - name: MY_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: MY_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CLUSTER_NAME - value: minimal.example.com - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.19.2 - livenessProbe: - exec: - command: - - /app/grpc-health-probe - - -addr=:50051 - - -connect-timeout=5s - - -rpc-timeout=5s - initialDelaySeconds: 60 - timeoutSeconds: 10 - name: aws-node - ports: - - containerPort: 61678 - name: metrics - readinessProbe: - exec: - command: - - /app/grpc-health-probe - - -addr=:50051 - - -connect-timeout=5s - - -rpc-timeout=5s - initialDelaySeconds: 1 - timeoutSeconds: 10 - resources: - requests: - cpu: 25m - securityContext: - capabilities: - add: - - NET_ADMIN - - NET_RAW - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - - mountPath: /host/var/log/aws-routed-eni - name: log-dir - - mountPath: /var/run/aws-node - name: run-dir - - mountPath: /run/xtables.lock - name: xtables-lock - - args: - - --enable-ipv6=false - - --enable-network-policy=false - - --enable-cloudwatch-logs=false - - --enable-policy-event-logs=false - - --log-file=/var/log/aws-routed-eni/network-policy-agent.log - - --metrics-bind-addr=:8162 - - --health-probe-bind-addr=:8163 - - --conntrack-cache-cleanup-period=300 - env: - - name: MY_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.6 - name: aws-eks-nodeagent - resources: - requests: - cpu: 25m - securityContext: - capabilities: - add: - - NET_ADMIN - privileged: true - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /sys/fs/bpf - name: bpf-pin-path - - mountPath: /var/log/aws-routed-eni - name: log-dir - - mountPath: /var/run/aws-node - name: run-dir - hostNetwork: true - initContainers: - - env: - - name: DISABLE_TCP_EARLY_DEMUX - value: "false" - - name: ENABLE_IPv6 - value: "false" - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.19.2 - name: aws-vpc-cni-init - resources: - requests: - cpu: 25m - securityContext: - privileged: true - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - priorityClassName: system-node-critical - serviceAccountName: aws-node - terminationGracePeriodSeconds: 10 - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /sys/fs/bpf - name: bpf-pin-path - - hostPath: - path: /opt/cni/bin - name: cni-bin-dir - - hostPath: - path: /etc/cni/net.d - name: cni-net-dir - - hostPath: - path: /var/log/aws-routed-eni - type: DirectoryOrCreate - name: log-dir - - hostPath: - path: /var/run/aws-node - type: DirectoryOrCreate - name: run-dir - - hostPath: - path: /run/xtables.lock - type: FileOrCreate - name: xtables-lock - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content deleted file mode 100644 index da3a64de54..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content +++ /dev/null @@ -1,285 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - k8s-app: aws-node-termination-handler - name: aws-node-termination-handler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - name: aws-node-termination-handler -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - patch - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - get -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -- apiGroups: - - extensions - resources: - - daemonsets - verbs: - - get -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - get -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - name: aws-node-termination-handler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aws-node-termination-handler -subjects: -- kind: ServiceAccount - name: aws-node-termination-handler - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/component: deployment - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - k8s-app: aws-node-termination-handler - name: aws-node-termination-handler - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kubernetes.io/os: linux - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: deployment - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - k8s-app: aws-node-termination-handler - kops.k8s.io/managed-by: kops - kops.k8s.io/nth-mode: sqs - kubernetes.io/os: linux - spec: - containers: - - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ENABLE_PROBES_SERVER - value: "true" - - name: PROBES_SERVER_PORT - value: "8080" - - name: PROBES_SERVER_ENDPOINT - value: /healthz - - name: LOG_LEVEL - value: info - - name: JSON_LOGGING - value: "true" - - name: LOG_FORMAT_VERSION - value: "2" - - name: ENABLE_PROMETHEUS_SERVER - value: "false" - - name: PROMETHEUS_SERVER_PORT - value: "9092" - - name: CHECK_TAG_BEFORE_DRAINING - value: "true" - - name: MANAGED_TAG - value: aws-node-termination-handler/managed - - name: USE_PROVIDER_ID - value: "true" - - name: DRY_RUN - value: "false" - - name: CORDON_ONLY - value: "false" - - name: TAINT_NODE - value: "false" - - name: EXCLUDE_FROM_LOAD_BALANCERS - value: "true" - - name: DELETE_LOCAL_DATA - value: "true" - - name: IGNORE_DAEMON_SETS - value: "true" - - name: POD_TERMINATION_GRACE_PERIOD - value: "-1" - - name: NODE_TERMINATION_GRACE_PERIOD - value: "120" - - name: EMIT_KUBERNETES_EVENTS - value: "true" - - name: COMPLETE_LIFECYCLE_ACTION_DELAY_SECONDS - value: "-1" - - name: ENABLE_SQS_TERMINATION_DRAINING - value: "true" - - name: QUEUE_URL - value: https://sqs.us-test-1.amazonaws.com/123456789012/minimal-example-com-nth - - name: DELETE_SQS_MSG_IF_NODE_NOT_FOUND - value: "false" - - name: WORKERS - value: "10" - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/aws-node-termination-handler.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/aws-ec2/aws-node-termination-handler:v1.22.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - name: aws-node-termination-handler - ports: - - containerPort: 8080 - name: liveness-probe - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - resources: - requests: - cpu: 50m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - volumeMounts: - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1000 - serviceAccountName: aws-node-termination-handler - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kops.k8s.io/nth-mode: sqs - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kops.k8s.io/nth-mode: sqs - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - k8s-addon: node-termination-handler.aws - name: aws-node-termination-handler - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kops.k8s.io/nth-mode: sqs diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content deleted file mode 100644 index f382104015..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content +++ /dev/null @@ -1,1372 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: volumesnapshotclasses.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotClass - listKind: VolumeSnapshotClassList - plural: volumesnapshotclasses - shortNames: - - vsclass - - vsclasses - singular: volumesnapshotclass - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the - VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent - created through the VolumeSnapshotClass should be deleted when its bound - VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". - "Retain" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: true - subresources: {} - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the - VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotClass is deprecated; - use snapshot.storage.k8s.io/v1 VolumeSnapshotClass - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent - created through the VolumeSnapshotClass should be deleted when its bound - VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". - "Retain" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: false - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: volumesnapshotcontents.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotContent - listKind: VolumeSnapshotContentList - plural: volumesnapshotcontents - shortNames: - - vsc - - vscs - singular: volumesnapshotcontent - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical - snapshot on the underlying storage system should be deleted when its bound - VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on - the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.namespace - name: VolumeSnapshotNamespace - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. - "Delete" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are deleted. For dynamically provisioned - snapshots, this field will automatically be filled in by the CSI - snapshotter sidecar with the "DeletionPolicy" field defined in the - corresponding VolumeSnapshotClass. For pre-existing snapshots, users - MUST specify this field when creating the VolumeSnapshotContent - object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be - the same as the name returned by the CSI GetPluginName() call for - that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) - dynamically provisioned or already exists, and just requires a Kubernetes - object representation. This field is immutable after creation. Required. - oneOf: - - required: - - snapshotHandle - - required: - - volumeHandle - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of - a pre-existing snapshot on the underlying storage system for - which a Kubernetes object representation was (or should be) - created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the - volume from which a snapshot should be dynamically taken from. - This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot - was (or will be) created. Note that after provisioning, the VolumeSnapshotClass - may be deleted or recreated with different set of values, and as - such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object - to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be - provided for binding to happen. This field is immutable after creation. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the CSI snapshotter - sidecar with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it indicates - the creation time is unknown. The format of this field is a Unix - nanoseconds time encoded as an int64. On Unix, the command `date - +%s%N` returns the current time in nanoseconds since 1970-01-01 - 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, - if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the CSI snapshotter sidecar with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be - filled in by the CSI snapshotter sidecar with the "size_bytes" value - returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "size_bytes" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. When restoring a volume from this snapshot, the size of the - volume MUST NOT be smaller than the restoreSize if it is specified, - otherwise the restoration will fail. If not specified, it indicates - that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot - on the underlying storage system. If not specified, it indicates - that dynamic snapshot creation has either failed or it is still - in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical - snapshot on the underlying storage system should be deleted when its bound - VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on - the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.namespace - name: VolumeSnapshotNamespace - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotContent is deprecated; - use snapshot.storage.k8s.io/v1 VolumeSnapshotContent - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. - "Delete" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are deleted. For dynamically provisioned - snapshots, this field will automatically be filled in by the CSI - snapshotter sidecar with the "DeletionPolicy" field defined in the - corresponding VolumeSnapshotClass. For pre-existing snapshots, users - MUST specify this field when creating the VolumeSnapshotContent - object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be - the same as the name returned by the CSI GetPluginName() call for - that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) - dynamically provisioned or already exists, and just requires a Kubernetes - object representation. This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of - a pre-existing snapshot on the underlying storage system for - which a Kubernetes object representation was (or should be) - created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the - volume from which a snapshot should be dynamically taken from. - This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot - was (or will be) created. Note that after provisioning, the VolumeSnapshotClass - may be deleted or recreated with different set of values, and as - such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object - to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be - provided for binding to happen. This field is immutable after creation. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the CSI snapshotter - sidecar with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it indicates - the creation time is unknown. The format of this field is a Unix - nanoseconds time encoded as an int64. On Unix, the command `date - +%s%N` returns the current time in nanoseconds since 1970-01-01 - 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, - if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the CSI snapshotter sidecar with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be - filled in by the CSI snapshotter sidecar with the "size_bytes" value - returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "size_bytes" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. When restoring a volume from this snapshot, the size of the - volume MUST NOT be smaller than the restoreSize if it is specified, - otherwise the restoration will fail. If not specified, it indicates - that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot - on the underlying storage system. If not specified, it indicates - that dynamic snapshot creation has either failed or it is still - in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: volumesnapshots.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshot - listKind: VolumeSnapshotList - plural: volumesnapshots - shortNames: - - vs - singular: volumesnapshot - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of - the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing - VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from - this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot - object intends to bind to. Please note that verification of binding actually - requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure - both are pointing at each other. Binding MUST be verified prior to usage of - this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying - storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - oneOf: - - required: - - persistentVolumeClaimName - - required: - - volumeSnapshotContentName - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object representing the volume from which - a snapshot should be created. This PVC is assumed to be in the - same namespace as the VolumeSnapshot object. This field should - be set if the snapshot does not exists, and needs to be created. - This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a - pre-existing VolumeSnapshotContent object representing an existing - volume snapshot. This field should be set if the snapshot already - exists and only needs a representation in Kubernetes. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. VolumeSnapshotClassName may be - left nil to indicate that the default SnapshotClass should be used. - A given cluster may have multiple default Volume SnapshotClasses: - one default per CSI Driver. If a VolumeSnapshot does not specify - a SnapshotClass, VolumeSnapshotSource will be checked to figure - out what the associated CSI Driver is, and the default VolumeSnapshotClass - associated with that CSI Driver will be used. If more than one VolumeSnapshotClass - exist for a given CSI Driver and more than one have been marked - as default, CreateSnapshot will fail and generate an event. Empty - string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. - Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent - objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent - object to which this VolumeSnapshot object intends to bind to. If - not specified, it indicates that the VolumeSnapshot object has not - been successfully bound to a VolumeSnapshotContent object yet. NOTE: - To avoid possible security issues, consumers must verify binding - between VolumeSnapshot and VolumeSnapshotContent objects is successful - (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the snapshot controller - with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it may indicate - that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. The snapshot controller will keep retrying when an error - occurrs during the snapshot creation. Upon success, this error field - will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the snapshot controller with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the minimum size of volume required - to create a volume from this snapshot. In dynamic snapshot creation - case, this field will be filled in by the snapshot controller with - the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. - For a pre-existing snapshot, this field will be filled with the - "size_bytes" value returned from the CSI "ListSnapshots" gRPC call - if the driver supports it. When restoring a volume from this snapshot, - the size of the volume MUST NOT be smaller than the restoreSize - if it is specified, otherwise the restoration will fail. If not - specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - type: string - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of - the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing - VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from - this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot - object intends to bind to. Please note that verification of binding actually - requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure - both are pointing at each other. Binding MUST be verified prior to usage of - this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying - storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshot is deprecated; - use snapshot.storage.k8s.io/v1 VolumeSnapshot - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object representing the volume from which - a snapshot should be created. This PVC is assumed to be in the - same namespace as the VolumeSnapshot object. This field should - be set if the snapshot does not exists, and needs to be created. - This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a - pre-existing VolumeSnapshotContent object representing an existing - volume snapshot. This field should be set if the snapshot already - exists and only needs a representation in Kubernetes. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. VolumeSnapshotClassName may be - left nil to indicate that the default SnapshotClass should be used. - A given cluster may have multiple default Volume SnapshotClasses: - one default per CSI Driver. If a VolumeSnapshot does not specify - a SnapshotClass, VolumeSnapshotSource will be checked to figure - out what the associated CSI Driver is, and the default VolumeSnapshotClass - associated with that CSI Driver will be used. If more than one VolumeSnapshotClass - exist for a given CSI Driver and more than one have been marked - as default, CreateSnapshot will fail and generate an event. Empty - string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. - Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent - objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent - object to which this VolumeSnapshot object intends to bind to. If - not specified, it indicates that the VolumeSnapshot object has not - been successfully bound to a VolumeSnapshotContent object yet. NOTE: - To avoid possible security issues, consumers must verify binding - between VolumeSnapshot and VolumeSnapshotContent objects is successful - (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the snapshot controller - with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it may indicate - that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. The snapshot controller will keep retrying when an error - occurrs during the snapshot creation. Upon success, this error field - will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the snapshot controller with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the minimum size of volume required - to create a volume from this snapshot. In dynamic snapshot creation - case, this field will be filled in by the snapshot controller with - the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. - For a pre-existing snapshot, this field will be filled with the - "size_bytes" value returned from the CSI "ListSnapshots" gRPC call - if the driver supports it. When restoring a volume from this snapshot, - the size of the volume MUST NOT be smaller than the restoreSize - if it is specified, otherwise the restoration will fail. If not - specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - type: string - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-leaderelection - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-runner -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - delete - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots/status - verbs: - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: snapshot-controller-leaderelection -subjects: -- kind: ServiceAccount - name: snapshot-controller - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-role -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: snapshot-controller-runner -subjects: -- kind: ServiceAccount - name: snapshot-controller - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller - namespace: kube-system -spec: - minReadySeconds: 15 - replicas: 2 - selector: - matchLabels: - app: snapshot-controller - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app: snapshot-controller - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --v=5 - - --leader-election=true - image: registry.k8s.io/sig-storage/snapshot-controller:v6.0.1 - imagePullPolicy: IfNotPresent - name: snapshot-controller - serviceAccountName: snapshot-controller - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: snapshot-controller - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: snapshot-controller - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app: snapshot-validation - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-validation-deployment - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - app: snapshot-validation - template: - metadata: - creationTimestamp: null - labels: - app: snapshot-validation - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt - - --tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key - image: registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.0.1 - imagePullPolicy: IfNotPresent - name: snapshot-validation - ports: - - containerPort: 443 - volumeMounts: - - mountPath: /etc/snapshot-validation-webhook/certs - name: snapshot-validation-webhook-certs - readOnly: true - serviceAccountName: snapshot-controller - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: snapshot-validation - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: snapshot-validation - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: snapshot-validation-webhook-certs - secret: - secretName: snapshot-validation-secret - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-validation-service - namespace: kube-system -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 443 - selector: - app: snapshot-validation - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: kube-system/snapshot-validation-service - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: validation-webhook.snapshot.storage.k8s.io -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: snapshot-validation-service - namespace: kube-system - path: /volumesnapshot - failurePolicy: Ignore - name: validation-webhook.snapshot.storage.k8s.io - rules: - - apiGroups: - - snapshot.storage.k8s.io - apiVersions: - - v1 - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - volumesnapshots - - volumesnapshotcontents - scope: '*' - sideEffects: None - timeoutSeconds: 2 - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-validation-service - namespace: kube-system -spec: - dnsNames: - - snapshot-validation-service.kube-system.svc - - snapshot-validation-service.kube-system.svc.minimal.example.com - issuerRef: - kind: Issuer - name: snapshot-controller.addons.k8s.io - secretName: snapshot-validation-secret diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content deleted file mode 100644 index d93b0e4605..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ /dev/null @@ -1,334 +0,0 @@ -APIServerConfig: - API: - dns: {} - publicName: api.minimal.example.com - ClusterDNSDomain: cluster.local - KubeAPIServer: - allowPrivileged: true - anonymousAuth: false - apiAudiences: - - kubernetes.svc.default - apiServerCount: 1 - authorizationMode: AlwaysAllow - bindAddress: 0.0.0.0 - cloudProvider: external - enableAdmissionPlugins: - - NamespaceLifecycle - - LimitRanger - - ServiceAccount - - DefaultStorageClass - - DefaultTolerationSeconds - - MutatingAdmissionWebhook - - ValidatingAdmissionWebhook - - NodeRestriction - - ResourceQuota - enableAggregatorRouting: true - etcdServers: - - https://127.0.0.1:4001 - etcdServersOverrides: - - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 - kubeletPreferredAddressTypes: - - InternalIP - - Hostname - - ExternalIP - logLevel: 2 - requestheaderAllowedNames: - - aggregator - requestheaderExtraHeaderPrefixes: - - X-Remote-Extra- - requestheaderGroupHeaders: - - X-Remote-Group - requestheaderUsernameHeaders: - - X-Remote-User - securePort: 443 - serviceAccountIssuer: https://discovery.example.com/minimal.example.com - serviceAccountJWKSURI: https://discovery.example.com/minimal.example.com/openid/v1/jwks - serviceClusterIPRange: 100.64.0.0/13 - storageBackend: etcd3 - ServiceAccountPublicKeys: | - -----BEGIN RSA PUBLIC KEY----- - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm - XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ== - -----END RSA PUBLIC KEY----- - -----BEGIN RSA PUBLIC KEY----- - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF - Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ== - -----END RSA PUBLIC KEY----- -Assets: - amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 - arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 - - 9d842e3636a95de2315cdea2be7a282355aac0658ef0b86d5dc2449066538f13@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-arm64 -CAs: - apiserver-aggregator-ca: | - -----BEGIN CERTIFICATE----- - MIIBgjCCASygAwIBAgIMFo3gINaZLHjisEcbMA0GCSqGSIb3DQEBCwUAMCIxIDAe - BgNVBAMTF2FwaXNlcnZlci1hZ2dyZWdhdG9yLWNhMB4XDTIxMDYzMDA0NTExMloX - DTMxMDYzMDA0NTExMlowIjEgMB4GA1UEAxMXYXBpc2VydmVyLWFnZ3JlZ2F0b3It - Y2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyyE71AOU3go5XFegLQ6fidI0LhhM - x7CzpTzh2xWKcHUfbNI7itgJvC/+GlyG5W+DF5V7ba0IJiQLsFve0oLdewIDAQAB - o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU - ALfqF5ZmfqvqORuJIFilZYKF3d0wDQYJKoZIhvcNAQELBQADQQAHAomFKsF4jvYX - WM/UzQXDj9nSAFTf8dBPCXyZZNotsOH7+P6W4mMiuVs8bAuGiXGUdbsQ2lpiT/Rk - CzMeMdr4 - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBgjCCASygAwIBAgIMFo3gM0nxQpiX/agfMA0GCSqGSIb3DQEBCwUAMCIxIDAe - BgNVBAMTF2FwaXNlcnZlci1hZ2dyZWdhdG9yLWNhMB4XDTIxMDYzMDA0NTIzMVoX - DTMxMDYzMDA0NTIzMVowIjEgMB4GA1UEAxMXYXBpc2VydmVyLWFnZ3JlZ2F0b3It - Y2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyyE71AOU3go5XFegLQ6fidI0LhhM - x7CzpTzh2xWKcHUfbNI7itgJvC/+GlyG5W+DF5V7ba0IJiQLsFve0oLdewIDAQAB - o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU - ALfqF5ZmfqvqORuJIFilZYKF3d0wDQYJKoZIhvcNAQELBQADQQCXsoezoxXu2CEN - QdlXZOfmBT6cqxIX/RMHXhpHwRiqPsTO8IO2bVA8CSzxNwMuSv/ZtrMHoh8+PcVW - HLtkTXH8 - -----END CERTIFICATE----- - etcd-clients-ca: | - -----BEGIN CERTIFICATE----- - MIIBcjCCARygAwIBAgIMFo1ogHnr26DL9YkqMA0GCSqGSIb3DQEBCwUAMBoxGDAW - BgNVBAMTD2V0Y2QtY2xpZW50cy1jYTAeFw0yMTA2MjgxNjE5MDFaFw0zMTA2Mjgx - NjE5MDFaMBoxGDAWBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTBcMA0GCSqGSIb3DQEB - AQUAA0sAMEgCQQDYlt4Xx03Cp8QooPrloaVWznx9aQDSpl1UsrDyoBPNEElOLWep - uPaQBHiDLL8LwzGi7G9r+ib13tKrwprnlPv7AgMBAAGjQjBAMA4GA1UdDwEB/wQE - AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjlt4Ue54AbJPWlDpRM51s - x+PeBDANBgkqhkiG9w0BAQsFAANBAAZAdf8ROEVkr3Rf7I+s+CQOil2toadlKWOY - qCeJ2XaEROfp9aUTEIU1MGM3g57MPyAPPU7mURskuOQz6B1UFaY= - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBcjCCARygAwIBAgIMFo1olfBnC/CsT+dqMA0GCSqGSIb3DQEBCwUAMBoxGDAW - BgNVBAMTD2V0Y2QtY2xpZW50cy1jYTAeFw0yMTA2MjgxNjIwMzNaFw0zMTA2Mjgx - NjIwMzNaMBoxGDAWBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTBcMA0GCSqGSIb3DQEB - AQUAA0sAMEgCQQDYlt4Xx03Cp8QooPrloaVWznx9aQDSpl1UsrDyoBPNEElOLWep - uPaQBHiDLL8LwzGi7G9r+ib13tKrwprnlPv7AgMBAAGjQjBAMA4GA1UdDwEB/wQE - AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjlt4Ue54AbJPWlDpRM51s - x+PeBDANBgkqhkiG9w0BAQsFAANBAF1xUz77PlUVUnd9duF8F7plou0TONC9R6/E - YQ8C6vM1b+9NSDGjCW8YmwEU2fBgskb/BBX2lwVZ32/RUEju4Co= - -----END CERTIFICATE----- - etcd-manager-ca-events: | - -----BEGIN CERTIFICATE----- - MIIBgDCCASqgAwIBAgIMFo+bKjm04vB4rNtaMA0GCSqGSIb3DQEBCwUAMCExHzAd - BgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1ldmVudHMwHhcNMjEwNzA1MjAwOTU2WhcN - MzEwNzA1MjAwOTU2WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtZXZlbnRz - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKiC8tndMlEFZ7qzeKxeKqFVjaYpsh/H - g7RxWo15+1kgH3suO0lxp9+RxSVv97hnsfbySTPZVhy2cIQj7eZtZt8CAwEAAaNC - MEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBg6 - CEZkQNnRkARBwFce03AEWa+sMA0GCSqGSIb3DQEBCwUAA0EAJMnBThok/uUe8q8O - sS5q19KUuE8YCTUzMDj36EBKf6NX4NoakCa1h6kfQVtlMtEIMWQZCjbm8xGK5ffs - GS/VUw== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBgDCCASqgAwIBAgIMFo+bQ+EgIiBmGghjMA0GCSqGSIb3DQEBCwUAMCExHzAd - BgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1ldmVudHMwHhcNMjEwNzA1MjAxMTQ2WhcN - MzEwNzA1MjAxMTQ2WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtZXZlbnRz - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKFhHVVxxDGv8d1jBvtdSxz7KIVoBOjL - DMxsmTsINiQkTQaFlb+XPlnY1ar4+RhE519AFUkqfhypk4Zxqf1YFXUCAwEAAaNC - MEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNuW - LLH5c8kDubDbr6BHgedW0iJ9MA0GCSqGSIb3DQEBCwUAA0EAiKUoBoaGu7XzboFE - hjfKlX0TujqWuW3qMxDEJwj4dVzlSLrAoB/G01MJ+xxYKh456n48aG6N827UPXhV - cPfVNg== - -----END CERTIFICATE----- - etcd-manager-ca-main: | - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bKjm1c3jfv6hIMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtbWFuYWdlci1jYS1tYWluMB4XDTIxMDcwNTIwMDk1NloXDTMx - MDcwNTIwMDk1NlowHzEdMBsGA1UEAxMUZXRjZC1tYW5hZ2VyLWNhLW1haW4wXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAxbkDbGYmCSShpRG3r+lzTOFujyuruRfjOhYm - ZRX4w1Utd5y63dUc98sjc9GGUYMHd+0k1ql/a48tGhnK6N6jJwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWZLkbBFx - GAgPU4i62c52unSo7RswDQYJKoZIhvcNAQELBQADQQAj6Pgd0va/8FtkyMlnohLu - Gf4v8RJO6zk3Y6jJ4+cwWziipFM1ielMzSOZfFcCZgH3m5Io40is4hPSqyq2TOA6 - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bQ+Eg8Si30gr4MA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtbWFuYWdlci1jYS1tYWluMB4XDTIxMDcwNTIwMTE0NloXDTMx - MDcwNTIwMTE0NlowHzEdMBsGA1UEAxMUZXRjZC1tYW5hZ2VyLWNhLW1haW4wXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAw33jzcd/iosN04b0WXbDt7B0c3sJ3aafcGLP - vG3xRB9N5bYr9+qZAq3mzAFkxscn4j1ce5b1/GKTDEAClmZgdQIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUE/h+3gDP - DvKwHRyiYlXM8voZ1wowDQYJKoZIhvcNAQELBQADQQBXuimeEoAOu5HN4hG7NqL9 - t40K3ZRhRZv3JQWnRVJCBDjg1rD0GQJR/n+DoWvbeijI5C9pNjr2pWSIYR1eYCvd - -----END CERTIFICATE----- - etcd-peers-ca-events: | - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bKjmxTPh3/lYJMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtcGVlcnMtY2EtZXZlbnRzMB4XDTIxMDcwNTIwMDk1NloXDTMx - MDcwNTIwMDk1NlowHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1ldmVudHMwXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAv5g4HF2xmrYyouJfY9jXx1M3gPLD/pupvxPY - xyjJw5pNCy5M5XGS3iTqRD5RDE0fWudVHFZKLIe8WPc06NApXwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUf6xiDI+O - Yph1ziCGr2hZaQYt+fUwDQYJKoZIhvcNAQELBQADQQBBxj5hqEQstonTb8lnqeGB - DEYtUeAk4eR/HzvUMjF52LVGuvN3XVt+JTrFeKNvb6/RDUbBNRj3azalcUkpPh6V - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bQ+Eq69jgzpKwMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtcGVlcnMtY2EtZXZlbnRzMB4XDTIxMDcwNTIwMTE0NloXDTMx - MDcwNTIwMTE0NlowHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1ldmVudHMwXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAo5Nj2CjX1qp3mEPw1H5nHAFWLoGNSLSlRFJW - 03NxaNPMFzL5PrCoyOXrX8/MWczuZYw0Crf8EPOOQWi2+W0XLwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUxauhhKQh - cvdZND78rHe0RQVTTiswDQYJKoZIhvcNAQELBQADQQB+cq4jIS9q0zXslaRa+ViI - J+dviA3sMygbmSJO0s4DxYmoazKJblux5q0ASSvS9iL1l9ShuZ1dWyp2tpZawHyb - -----END CERTIFICATE----- - etcd-peers-ca-main: | - -----BEGIN CERTIFICATE----- - MIIBeDCCASKgAwIBAgIMFo+bKjmuLDDLcDHsMA0GCSqGSIb3DQEBCwUAMB0xGzAZ - BgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjAeFw0yMTA3MDUyMDA5NTZaFw0zMTA3 - MDUyMDA5NTZaMB0xGzAZBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjBcMA0GCSqG - SIb3DQEBAQUAA0sAMEgCQQCyRaXWpwgN6INQqws9p/BvPElJv2Rno9dVTFhlQqDA - aUJXe7MBmiO4NJcW76EozeBh5ztR3/4NE1FM2x8TisS3AgMBAAGjQjBAMA4GA1Ud - DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQtE1d49uSvpURf - OQ25Vlu6liY20DANBgkqhkiG9w0BAQsFAANBAAgLVaetJZcfOA3OIMMvQbz2Ydrt - uWF9BKkIad8jrcIrm3IkOtR8bKGmDIIaRKuG/ZUOL6NMe2fky3AAfKwleL4= - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBeDCCASKgAwIBAgIMFo+bQ+EuVthBfuZvMA0GCSqGSIb3DQEBCwUAMB0xGzAZ - BgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjAeFw0yMTA3MDUyMDExNDZaFw0zMTA3 - MDUyMDExNDZaMB0xGzAZBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjBcMA0GCSqG - SIb3DQEBAQUAA0sAMEgCQQCxNbycDZNx5V1ZOiXxZSvaFpHRwKeHDfcuMUitdoPt - naVMlMTGDWAMuCVmFHFAWohIYynemEegmZkZ15S7AErfAgMBAAGjQjBAMA4GA1Ud - DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTAjQ8T4HclPIsC - qipEfUIcLP6jqTANBgkqhkiG9w0BAQsFAANBAJdZ17TN3HlWrH7HQgfR12UBwz8K - G9DurDznVaBVUYaHY8Sg5AvAXeb+yIF2JMmRR+bK+/G1QYY2D3/P31Ic2Oo= - -----END CERTIFICATE----- - kubernetes-ca: | - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANqBD8NSD82AUSMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwODAwWhcNMzEwNzA3MDcw - ODAwWjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBANFI3zr0Tk8krsW8vwjfMpzJOlWQ8616vG3YPa2qAgI7V4oKwfV0yIg1 - jt+H6f4P/wkPAPTPTfRp9Iy8oHEEFw0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNG3zVjTcLlJwDsJ4/K9DV7KohUA - MA0GCSqGSIb3DQEBCwUAA0EAB8d03fY2w7WKpfO29qI295pu2C4ca9AiVGOpgSc8 - tmQsq6rcxt3T+rb589PVtz0mw/cKTxOk6gH2CCC+yHfy2w== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANvmSa0OAlYmXKMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwOTM2WhcNMzEwNzA3MDcw - OTM2WjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBAMF6F4aZdpe0RUpyykaBpWwZCnwbffhYGOw+fs6RdLuUq7QCNmJm/Eq7 - WWOziMYDiI9SbclpD+6QiJ0N3EqppVUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLImp6ARjPDAH6nhI+scWVt3Q9bn - MA0GCSqGSIb3DQEBCwUAA0EAVQVx5MUtuAIeePuP9o51xtpT2S6Fvfi8J4ICxnlA - 9B7UD2ushcVFPtaeoL9Gfu8aY4KJBeqqg5ojl4qmRnThjw== - -----END CERTIFICATE----- -ClusterName: minimal.example.com -ControlPlaneConfig: - KubeControllerManager: - allocateNodeCIDRs: true - attachDetachReconcileSyncPeriod: 1m0s - cloudProvider: external - clusterCIDR: 172.20.128.0/17 - clusterName: minimal.example.com - configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 - leaderElection: - leaderElect: true - logLevel: 2 - useServiceAccountCredentials: true - KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 - leaderElection: - leaderElect: true - logLevel: 2 -DNSZone: Z1AFAKE1ZON3YO -DefaultMachineType: m3.medium -EtcdClusterNames: -- main -- events -FileAssets: -- content: | - apiVersion: kubescheduler.config.k8s.io/v1 - clientConnection: - kubeconfig: /var/lib/kube-scheduler/kubeconfig - kind: KubeSchedulerConfiguration - path: /var/lib/kube-scheduler/config.yaml -Hooks: -- null -- null -KeypairIDs: - apiserver-aggregator-ca: "6980187172486667078076483355" - etcd-clients-ca: "6979622252718071085282986282" - etcd-manager-ca-events: "6982279354000777253151890266" - etcd-manager-ca-main: "6982279354000936168671127624" - etcd-peers-ca-events: "6982279353999767935825892873" - etcd-peers-ca-main: "6982279353998887468930183660" - kubernetes-ca: "6982820025135291416230495506" - service-account: "2" -KubeProxy: - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 - logLevel: 2 -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - nodeLabels: - kops.k8s.io/kops-controller-pki: "" - node-role.kubernetes.io/control-plane: "" - node.kubernetes.io/exclude-from-external-load-balancers: "" - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s - taints: - - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 -Networking: - amazonVPC: {} - nonMasqueradeCIDR: 172.20.0.0/16 - serviceClusterIPRange: 100.64.0.0/13 -UpdatePolicy: automatic -channels: -- memfs://clusters.example.com/minimal.example.com/addons/bootstrap-channel.yaml -configStore: - keypairs: memfs://clusters.example.com/minimal.example.com/pki - secrets: memfs://clusters.example.com/minimal.example.com/secrets -containerdConfig: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 -etcdManifests: -- memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml -- memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml -staticManifests: -- key: kube-apiserver-healthcheck - path: manifests/static/kube-apiserver-healthcheck.yaml -usesLegacyGossip: false -usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-nodes_content deleted file mode 100644 index abe3b2d5a2..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_nodeupconfig-nodes_content +++ /dev/null @@ -1,62 +0,0 @@ -Assets: - amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz -CAs: {} -ClusterName: minimal.example.com -DefaultMachineType: t2.medium -Hooks: -- null -- null -KeypairIDs: - kubernetes-ca: "6982820025135291416230495506" -KubeProxy: - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 - logLevel: 2 -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - nodeLabels: - node-role.kubernetes.io/node: "" - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s -KubernetesVersion: 1.25.0 -Networking: - amazonVPC: {} - nonMasqueradeCIDR: 172.20.0.0/16 - serviceClusterIPRange: 100.64.0.0/13 -UpdatePolicy: automatic -containerdConfig: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 -usesLegacyGossip: false -usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/in-v1alpha2.yaml b/tests/integration/update_cluster/many-addons-ccm-irsa25/in-v1alpha2.yaml deleted file mode 100644 index f5b46c3c27..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/in-v1alpha2.yaml +++ /dev/null @@ -1,95 +0,0 @@ -apiVersion: kops.k8s.io/v1alpha2 -kind: Cluster -metadata: - creationTimestamp: "2016-12-10T22:42:27Z" - name: minimal.example.com -spec: - awsLoadBalancerController: - enabled: true - certManager: - enabled: true - clusterAutoscaler: - enabled: true - metricsServer: - enabled: true - kubernetesApiAccess: - - 0.0.0.0/0 - channel: stable - cloudConfig: - awsEBSCSIDriver: - enabled: true - cloudControllerManager: - cloudProvider: aws - cloudProvider: aws - configBase: memfs://clusters.example.com/minimal.example.com - etcdClusters: - - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: main - - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: events - iam: - useServiceAccountExternalPermissions: true - kubelet: - anonymousAuth: false - kubernetesVersion: v1.25.0 - masterPublicName: api.minimal.example.com - networkCIDR: 172.20.0.0/16 - networking: - amazonvpc: {} - nodeTerminationHandler: - enabled: true - nonMasqueradeCIDR: 172.20.0.0/16 - serviceAccountIssuerDiscovery: - discoveryStore: memfs://discovery.example.com/minimal.example.com - enableAWSOIDCProvider: true - snapshotController: - enabled: true - sshAccess: - - 0.0.0.0/0 - subnets: - - cidr: 172.20.32.0/19 - name: us-test-1a - type: Public - zone: us-test-1a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2016-12-10T22:42:28Z" - name: nodes - labels: - kops.k8s.io/cluster: minimal.example.com -spec: - associatePublicIp: true - image: ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220404 - machineType: t2.medium - maxSize: 2 - minSize: 2 - role: Node - subnets: - - us-test-1a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2016-12-10T22:42:28Z" - name: master-us-test-1a - labels: - kops.k8s.io/cluster: minimal.example.com -spec: - associatePublicIp: true - image: ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220404 - machineType: m3.medium - maxSize: 1 - minSize: 1 - role: Master - subnets: - - us-test-1a diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/kubernetes.tf b/tests/integration/update_cluster/many-addons-ccm-irsa25/kubernetes.tf deleted file mode 100644 index 312922f210..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/kubernetes.tf +++ /dev/null @@ -1,1213 +0,0 @@ -locals { - cluster_name = "minimal.example.com" - iam_openid_connect_provider_arn = aws_iam_openid_connect_provider.minimal-example-com.arn - iam_openid_connect_provider_issuer = "discovery.example.com/minimal.example.com" - kube-system-aws-cloud-controller-manager_role_arn = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.arn - kube-system-aws-cloud-controller-manager_role_name = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.name - kube-system-aws-load-balancer-controller_role_arn = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.arn - kube-system-aws-load-balancer-controller_role_name = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.name - kube-system-aws-node-termination-handler_role_arn = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.arn - kube-system-aws-node-termination-handler_role_name = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.name - kube-system-cluster-autoscaler_role_arn = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.arn - kube-system-cluster-autoscaler_role_name = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.name - kube-system-dns-controller_role_arn = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.arn - kube-system-dns-controller_role_name = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.name - kube-system-ebs-csi-controller-sa_role_arn = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.arn - kube-system-ebs-csi-controller-sa_role_name = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.name - master_autoscaling_group_ids = [aws_autoscaling_group.master-us-test-1a-masters-minimal-example-com.id] - master_security_group_ids = [aws_security_group.masters-minimal-example-com.id] - masters_role_arn = aws_iam_role.masters-minimal-example-com.arn - masters_role_name = aws_iam_role.masters-minimal-example-com.name - node_autoscaling_group_ids = [aws_autoscaling_group.nodes-minimal-example-com.id] - node_security_group_ids = [aws_security_group.nodes-minimal-example-com.id] - node_subnet_ids = [aws_subnet.us-test-1a-minimal-example-com.id] - nodes_role_arn = aws_iam_role.nodes-minimal-example-com.arn - nodes_role_name = aws_iam_role.nodes-minimal-example-com.name - region = "us-test-1" - route_table_public_id = aws_route_table.minimal-example-com.id - subnet_us-test-1a_id = aws_subnet.us-test-1a-minimal-example-com.id - vpc_cidr_block = aws_vpc.minimal-example-com.cidr_block - vpc_id = aws_vpc.minimal-example-com.id - vpc_ipv6_cidr_block = aws_vpc.minimal-example-com.ipv6_cidr_block - vpc_ipv6_cidr_length = local.vpc_ipv6_cidr_block == "" ? null : tonumber(regex(".*/(\\d+)", local.vpc_ipv6_cidr_block)[0]) -} - -output "cluster_name" { - value = "minimal.example.com" -} - -output "iam_openid_connect_provider_arn" { - value = aws_iam_openid_connect_provider.minimal-example-com.arn -} - -output "iam_openid_connect_provider_issuer" { - value = "discovery.example.com/minimal.example.com" -} - -output "kube-system-aws-cloud-controller-manager_role_arn" { - value = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-aws-cloud-controller-manager_role_name" { - value = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.name -} - -output "kube-system-aws-load-balancer-controller_role_arn" { - value = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-aws-load-balancer-controller_role_name" { - value = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.name -} - -output "kube-system-aws-node-termination-handler_role_arn" { - value = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-aws-node-termination-handler_role_name" { - value = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.name -} - -output "kube-system-cluster-autoscaler_role_arn" { - value = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-cluster-autoscaler_role_name" { - value = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.name -} - -output "kube-system-dns-controller_role_arn" { - value = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-dns-controller_role_name" { - value = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.name -} - -output "kube-system-ebs-csi-controller-sa_role_arn" { - value = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-ebs-csi-controller-sa_role_name" { - value = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.name -} - -output "master_autoscaling_group_ids" { - value = [aws_autoscaling_group.master-us-test-1a-masters-minimal-example-com.id] -} - -output "master_security_group_ids" { - value = [aws_security_group.masters-minimal-example-com.id] -} - -output "masters_role_arn" { - value = aws_iam_role.masters-minimal-example-com.arn -} - -output "masters_role_name" { - value = aws_iam_role.masters-minimal-example-com.name -} - -output "node_autoscaling_group_ids" { - value = [aws_autoscaling_group.nodes-minimal-example-com.id] -} - -output "node_security_group_ids" { - value = [aws_security_group.nodes-minimal-example-com.id] -} - -output "node_subnet_ids" { - value = [aws_subnet.us-test-1a-minimal-example-com.id] -} - -output "nodes_role_arn" { - value = aws_iam_role.nodes-minimal-example-com.arn -} - -output "nodes_role_name" { - value = aws_iam_role.nodes-minimal-example-com.name -} - -output "region" { - value = "us-test-1" -} - -output "route_table_public_id" { - value = aws_route_table.minimal-example-com.id -} - -output "subnet_us-test-1a_id" { - value = aws_subnet.us-test-1a-minimal-example-com.id -} - -output "vpc_cidr_block" { - value = aws_vpc.minimal-example-com.cidr_block -} - -output "vpc_id" { - value = aws_vpc.minimal-example-com.id -} - -output "vpc_ipv6_cidr_block" { - value = aws_vpc.minimal-example-com.ipv6_cidr_block -} - -output "vpc_ipv6_cidr_length" { - value = local.vpc_ipv6_cidr_block == "" ? null : tonumber(regex(".*/(\\d+)", local.vpc_ipv6_cidr_block)[0]) -} - -provider "aws" { - region = "us-test-1" -} - -provider "aws" { - alias = "files" - region = "us-test-1" -} - -resource "aws_autoscaling_group" "master-us-test-1a-masters-minimal-example-com" { - enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"] - launch_template { - id = aws_launch_template.master-us-test-1a-masters-minimal-example-com.id - version = aws_launch_template.master-us-test-1a-masters-minimal-example-com.latest_version - } - max_instance_lifetime = 0 - max_size = 1 - metrics_granularity = "1Minute" - min_size = 1 - name = "master-us-test-1a.masters.minimal.example.com" - protect_from_scale_in = false - tag { - key = "KubernetesCluster" - propagate_at_launch = true - value = "minimal.example.com" - } - tag { - key = "Name" - propagate_at_launch = true - value = "master-us-test-1a.masters.minimal.example.com" - } - tag { - key = "aws-node-termination-handler/managed" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/role/control-plane" - propagate_at_launch = true - value = "1" - } - tag { - key = "k8s.io/role/master" - propagate_at_launch = true - value = "1" - } - tag { - key = "kops.k8s.io/instancegroup" - propagate_at_launch = true - value = "master-us-test-1a" - } - tag { - key = "kubernetes.io/cluster/minimal.example.com" - propagate_at_launch = true - value = "owned" - } - vpc_zone_identifier = [aws_subnet.us-test-1a-minimal-example-com.id] -} - -resource "aws_autoscaling_group" "nodes-minimal-example-com" { - enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"] - launch_template { - id = aws_launch_template.nodes-minimal-example-com.id - version = aws_launch_template.nodes-minimal-example-com.latest_version - } - max_instance_lifetime = 0 - max_size = 2 - metrics_granularity = "1Minute" - min_size = 2 - name = "nodes.minimal.example.com" - protect_from_scale_in = false - tag { - key = "KubernetesCluster" - propagate_at_launch = true - value = "minimal.example.com" - } - tag { - key = "Name" - propagate_at_launch = true - value = "nodes.minimal.example.com" - } - tag { - key = "aws-node-termination-handler/managed" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/role/node" - propagate_at_launch = true - value = "1" - } - tag { - key = "kops.k8s.io/instancegroup" - propagate_at_launch = true - value = "nodes" - } - tag { - key = "kubernetes.io/cluster/minimal.example.com" - propagate_at_launch = true - value = "owned" - } - vpc_zone_identifier = [aws_subnet.us-test-1a-minimal-example-com.id] -} - -resource "aws_autoscaling_lifecycle_hook" "master-us-test-1a-NTHLifecycleHook" { - autoscaling_group_name = aws_autoscaling_group.master-us-test-1a-masters-minimal-example-com.id - default_result = "CONTINUE" - heartbeat_timeout = 300 - lifecycle_transition = "autoscaling:EC2_INSTANCE_TERMINATING" - name = "master-us-test-1a-NTHLifecycleHook" -} - -resource "aws_autoscaling_lifecycle_hook" "nodes-NTHLifecycleHook" { - autoscaling_group_name = aws_autoscaling_group.nodes-minimal-example-com.id - default_result = "CONTINUE" - heartbeat_timeout = 300 - lifecycle_transition = "autoscaling:EC2_INSTANCE_TERMINATING" - name = "nodes-NTHLifecycleHook" -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-ASGLifecycle" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern") - name = "minimal.example.com-ASGLifecycle" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-ASGLifecycle" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-InstanceScheduledChange" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern") - name = "minimal.example.com-InstanceScheduledChange" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-InstanceScheduledChange" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-InstanceStateChange" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern") - name = "minimal.example.com-InstanceStateChange" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-InstanceStateChange" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-SpotInterruption" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern") - name = "minimal.example.com-SpotInterruption" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-SpotInterruption" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-ASGLifecycle-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-ASGLifecycle.id -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-InstanceScheduledChange-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-InstanceScheduledChange.id -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-InstanceStateChange-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-InstanceStateChange.id -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-SpotInterruption-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-SpotInterruption.id -} - -resource "aws_ebs_volume" "us-test-1a-etcd-events-minimal-example-com" { - availability_zone = "us-test-1a" - encrypted = false - iops = 3000 - size = 20 - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "us-test-1a.etcd-events.minimal.example.com" - "k8s.io/etcd/events" = "us-test-1a/us-test-1a" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - throughput = 125 - type = "gp3" -} - -resource "aws_ebs_volume" "us-test-1a-etcd-main-minimal-example-com" { - availability_zone = "us-test-1a" - encrypted = false - iops = 3000 - size = 20 - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "us-test-1a.etcd-main.minimal.example.com" - "k8s.io/etcd/main" = "us-test-1a/us-test-1a" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - throughput = 125 - type = "gp3" -} - -resource "aws_iam_instance_profile" "masters-minimal-example-com" { - name = "masters.minimal.example.com" - role = aws_iam_role.masters-minimal-example-com.name - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "masters.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_instance_profile" "nodes-minimal-example-com" { - name = "nodes.minimal.example.com" - role = aws_iam_role.nodes-minimal-example-com.name - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_openid_connect_provider" "minimal-example-com" { - client_id_list = ["amazonaws.com"] - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - thumbprint_list = ["9e99a48a9960b14926bb7f3b02e22da2b0ab7280", "a9d53002e97e00e043244f3d170d6f4c414104fd"] - url = "https://discovery.example.com/minimal.example.com" -} - -resource "aws_iam_role" "aws-cloud-controller-manager-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy") - name = "aws-cloud-controller-manager.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "aws-cloud-controller-manager.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "aws-cloud-controller-manager" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "aws-load-balancer-controller-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy") - name = "aws-load-balancer-controller.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "aws-load-balancer-controller.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "aws-load-balancer-controller" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "aws-node-termination-handler-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy") - name = "aws-node-termination-handler.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "aws-node-termination-handler.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "aws-node-termination-handler" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "cluster-autoscaler-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy") - name = "cluster-autoscaler.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "cluster-autoscaler.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "cluster-autoscaler" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "dns-controller-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy") - name = "dns-controller.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "dns-controller.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "dns-controller" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "ebs-csi-controller-sa-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy") - name = "ebs-csi-controller-sa.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "ebs-csi-controller-sa.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "ebs-csi-controller-sa" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "masters-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_masters.minimal.example.com_policy") - name = "masters.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "masters.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_role" "nodes-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.minimal.example.com_policy") - name = "nodes.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_role_policy" "aws-cloud-controller-manager-kube-system-sa-minimal-example-com" { - name = "aws-cloud-controller-manager.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "aws-load-balancer-controller-kube-system-sa-minimal-example-com" { - name = "aws-load-balancer-controller.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "aws-node-termination-handler-kube-system-sa-minimal-example-com" { - name = "aws-node-termination-handler.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "cluster-autoscaler-kube-system-sa-minimal-example-com" { - name = "cluster-autoscaler.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "dns-controller-kube-system-sa-minimal-example-com" { - name = "dns-controller.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "ebs-csi-controller-sa-kube-system-sa-minimal-example-com" { - name = "ebs-csi-controller-sa.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "masters-minimal-example-com" { - name = "masters.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_masters.minimal.example.com_policy") - role = aws_iam_role.masters-minimal-example-com.name -} - -resource "aws_iam_role_policy" "nodes-minimal-example-com" { - name = "nodes.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_nodes.minimal.example.com_policy") - role = aws_iam_role.nodes-minimal-example-com.name -} - -resource "aws_internet_gateway" "minimal-example-com" { - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_key_pair" "kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157" { - key_name = "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57" - public_key = file("${path.module}/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key") - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { - block_device_mappings { - device_name = "/dev/xvda" - ebs { - delete_on_termination = true - encrypted = true - iops = 3000 - throughput = 125 - volume_size = 64 - volume_type = "gp3" - } - } - block_device_mappings { - device_name = "/dev/sdc" - virtual_name = "ephemeral0" - } - iam_instance_profile { - name = aws_iam_instance_profile.masters-minimal-example-com.id - } - image_id = "ami-12345678" - instance_type = "m3.medium" - key_name = aws_key_pair.kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id - lifecycle { - create_before_destroy = true - } - metadata_options { - http_endpoint = "enabled" - http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 1 - http_tokens = "optional" - } - monitoring { - enabled = false - } - name = "master-us-test-1a.masters.minimal.example.com" - network_interfaces { - associate_public_ip_address = true - delete_on_termination = true - ipv6_address_count = 0 - security_groups = [aws_security_group.masters-minimal-example-com.id] - } - tag_specifications { - resource_type = "instance" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "master-us-test-1a.masters.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tag_specifications { - resource_type = "volume" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "master-us-test-1a.masters.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "master-us-test-1a.masters.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - user_data = filebase64("${path.module}/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data") -} - -resource "aws_launch_template" "nodes-minimal-example-com" { - block_device_mappings { - device_name = "/dev/xvda" - ebs { - delete_on_termination = true - encrypted = true - iops = 3000 - throughput = 125 - volume_size = 128 - volume_type = "gp3" - } - } - iam_instance_profile { - name = aws_iam_instance_profile.nodes-minimal-example-com.id - } - image_id = "ami-12345678" - instance_type = "t2.medium" - key_name = aws_key_pair.kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id - lifecycle { - create_before_destroy = true - } - metadata_options { - http_endpoint = "enabled" - http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 1 - http_tokens = "optional" - } - monitoring { - enabled = false - } - name = "nodes.minimal.example.com" - network_interfaces { - associate_public_ip_address = true - delete_on_termination = true - ipv6_address_count = 0 - security_groups = [aws_security_group.nodes-minimal-example-com.id] - } - tag_specifications { - resource_type = "instance" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tag_specifications { - resource_type = "volume" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - user_data = filebase64("${path.module}/data/aws_launch_template_nodes.minimal.example.com_user_data") -} - -resource "aws_route" "route-0-0-0-0--0" { - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.minimal-example-com.id - route_table_id = aws_route_table.minimal-example-com.id -} - -resource "aws_route" "route-__--0" { - destination_ipv6_cidr_block = "::/0" - gateway_id = aws_internet_gateway.minimal-example-com.id - route_table_id = aws_route_table.minimal-example-com.id -} - -resource "aws_route_table" "minimal-example-com" { - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "kubernetes.io/kops/role" = "public" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_route_table_association" "us-test-1a-minimal-example-com" { - route_table_id = aws_route_table.minimal-example-com.id - subnet_id = aws_subnet.us-test-1a-minimal-example-com.id -} - -resource "aws_s3_object" "cluster-completed-spec" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_cluster-completed.spec_content") - key = "clusters.example.com/minimal.example.com/cluster-completed.spec" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "discovery-json" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_discovery.json_content") - key = "discovery.example.com/minimal.example.com/.well-known/openid-configuration" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "etcd-cluster-spec-events" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_etcd-cluster-spec-events_content") - key = "clusters.example.com/minimal.example.com/backups/etcd/events/control/etcd-cluster-spec" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "etcd-cluster-spec-main" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_etcd-cluster-spec-main_content") - key = "clusters.example.com/minimal.example.com/backups/etcd/main/control/etcd-cluster-spec" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "keys-json" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_keys.json_content") - key = "discovery.example.com/minimal.example.com/openid/v1/jwks" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "kops-version-txt" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_kops-version.txt_content") - key = "clusters.example.com/minimal.example.com/kops-version.txt" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "manifests-etcdmanager-events-master-us-test-1a" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content") - key = "clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "manifests-etcdmanager-main-master-us-test-1a" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content") - key = "clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "manifests-static-kube-apiserver-healthcheck" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content") - key = "clusters.example.com/minimal.example.com/manifests/static/kube-apiserver-healthcheck.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-aws-cloud-controller-addons-k8s-io-k8s-1-18" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content") - key = "clusters.example.com/minimal.example.com/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-aws-ebs-csi-driver-addons-k8s-io-k8s-1-17" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content") - key = "clusters.example.com/minimal.example.com/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-aws-load-balancer-controller-addons-k8s-io-k8s-1-19" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content") - key = "clusters.example.com/minimal.example.com/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-bootstrap" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-bootstrap_content") - key = "clusters.example.com/minimal.example.com/addons/bootstrap-channel.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-certmanager-io-k8s-1-16" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content") - key = "clusters.example.com/minimal.example.com/addons/certmanager.io/k8s-1.16.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-cluster-autoscaler-addons-k8s-io-k8s-1-15" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content") - key = "clusters.example.com/minimal.example.com/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-coredns-addons-k8s-io-k8s-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content") - key = "clusters.example.com/minimal.example.com/addons/coredns.addons.k8s.io/k8s-1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-dns-controller-addons-k8s-io-k8s-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content") - key = "clusters.example.com/minimal.example.com/addons/dns-controller.addons.k8s.io/k8s-1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-kops-controller-addons-k8s-io-k8s-1-16" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content") - key = "clusters.example.com/minimal.example.com/addons/kops-controller.addons.k8s.io/k8s-1.16.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-kubelet-api-rbac-addons-k8s-io-k8s-1-9" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content") - key = "clusters.example.com/minimal.example.com/addons/kubelet-api.rbac.addons.k8s.io/k8s-1.9.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-limit-range-addons-k8s-io" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content") - key = "clusters.example.com/minimal.example.com/addons/limit-range.addons.k8s.io/v1.5.0.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-metrics-server-addons-k8s-io-k8s-1-11" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content") - key = "clusters.example.com/minimal.example.com/addons/metrics-server.addons.k8s.io/k8s-1.11.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-networking-amazon-vpc-routed-eni-k8s-1-16" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content") - key = "clusters.example.com/minimal.example.com/addons/networking.amazon-vpc-routed-eni/k8s-1.16.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-node-termination-handler-aws-k8s-1-11" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content") - key = "clusters.example.com/minimal.example.com/addons/node-termination-handler.aws/k8s-1.11.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-snapshot-controller-addons-k8s-io-k8s-1-20" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content") - key = "clusters.example.com/minimal.example.com/addons/snapshot-controller.addons.k8s.io/k8s-1.20.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-storage-aws-addons-k8s-io-v1-15-0" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content") - key = "clusters.example.com/minimal.example.com/addons/storage-aws.addons.k8s.io/v1.15.0.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "nodeupconfig-master-us-test-1a" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_nodeupconfig-master-us-test-1a_content") - key = "clusters.example.com/minimal.example.com/igconfig/control-plane/master-us-test-1a/nodeupconfig.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "nodeupconfig-nodes" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_nodeupconfig-nodes_content") - key = "clusters.example.com/minimal.example.com/igconfig/node/nodes/nodeupconfig.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_security_group" "masters-minimal-example-com" { - description = "Security group for masters" - name = "masters.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "masters.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_security_group" "nodes-minimal-example-com" { - description = "Security group for nodes" - name = "nodes.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-minimal-example-com" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 22 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 22 - type = "ingress" -} - -resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-minimal-example-com" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 22 - protocol = "tcp" - security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 22 - type = "ingress" -} - -resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-example-com" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 443 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 443 - type = "ingress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-egress-all-0to0-0-0-0-0--0" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-egress-all-0to0-__--0" { - from_port = 0 - ipv6_cidr_blocks = ["::/0"] - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - source_security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-egress-all-0to0-0-0-0-0--0" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-egress-all-0to0-__--0" { - from_port = 0 - ipv6_cidr_blocks = ["::/0"] - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-1to2379-masters-minimal-example-com" { - from_port = 1 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 2379 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-2382to4000-masters-minimal-example-com" { - from_port = 2382 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 4000 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-4003to65535-masters-minimal-example-com" { - from_port = 4003 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 65535 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-udp-1to65535-masters-minimal-example-com" { - from_port = 1 - protocol = "udp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 65535 - type = "ingress" -} - -resource "aws_sqs_queue" "minimal-example-com-nth" { - message_retention_seconds = 300 - name = "minimal-example-com-nth" - policy = file("${path.module}/data/aws_sqs_queue_minimal-example-com-nth_policy") - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal-example-com-nth" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_subnet" "us-test-1a-minimal-example-com" { - availability_zone = "us-test-1a" - cidr_block = "172.20.32.0/19" - enable_resource_name_dns_a_record_on_launch = true - private_dns_hostname_type_on_launch = "resource-name" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "us-test-1a.minimal.example.com" - "SubnetType" = "Public" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "kubernetes.io/role/elb" = "1" - "kubernetes.io/role/internal-elb" = "1" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_vpc" "minimal-example-com" { - assign_generated_ipv6_cidr_block = true - cidr_block = "172.20.0.0/16" - enable_dns_hostnames = true - enable_dns_support = true - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_vpc_dhcp_options" "minimal-example-com" { - domain_name = "us-test-1.compute.internal" - domain_name_servers = ["AmazonProvidedDNS"] - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_vpc_dhcp_options_association" "minimal-example-com" { - dhcp_options_id = aws_vpc_dhcp_options.minimal-example-com.id - vpc_id = aws_vpc.minimal-example-com.id -} - -terraform { - required_version = ">= 0.15.0" - required_providers { - aws = { - "configuration_aliases" = [aws.files] - "source" = "hashicorp/aws" - "version" = ">= 5.0.0" - } - } -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/README.md b/tests/integration/update_cluster/many-addons-ccm-irsa26/README.md deleted file mode 100644 index d173d34f98..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/README.md +++ /dev/null @@ -1,9 +0,0 @@ -Simple test of (experimental) JWKS functionality - -We have to use a fixed CA because the fingerprint is inserted into the AWS WebIdentity configuration. - -ca.crt & ca.key generated with: - -``` -openssl req -new -newkey rsa:512 -days 3650 -nodes -x509 -subj "/CN=kubernetes" -keyout ca.key -out ca.crt -config <(cat /etc/ssl/openssl.cnf <(printf "[ v3_ca ]\nkeyUsage = critical,keyCertSign,cRLSign")) -``` diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 6c18833de4..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:aws-cloud-controller-manager" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 94a1874349..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 3266f85030..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:aws-node-termination-handler" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 6a4c827804..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:cluster-autoscaler" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index a1f5c8e2f8..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:dns-controller" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 6bd6048b16..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "discovery.example.com/minimal.example.com:sub": "system:serviceaccount:kube-system:ebs-csi-controller-sa" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws-test:iam::123456789012:oidc-provider/discovery.example.com/minimal.example.com" - } - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index d05670c189..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,116 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com", - "ec2:CreateAction": [ - "CreateSecurityGroup" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeTags", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeRegions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "iam:CreateServiceLinkedRole", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DeleteSecurityGroup", - "ec2:ModifyInstanceAttribute", - "ec2:RevokeSecurityGroupIngress", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:AttachLoadBalancerToSubnets", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:CreateLoadBalancerListeners", - "elasticloadbalancing:CreateLoadBalancerPolicy", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancerListeners", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:DetachLoadBalancerFromSubnets", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", - "elasticloadbalancing:SetLoadBalancerPoliciesOfListener" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateTargetGroup" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateSecurityGroup", - "Effect": "Allow", - "Resource": "arn:aws-test:ec2:*:*:vpc/*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index e141f8b925..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,118 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com", - "ec2:CreateAction": [ - "CreateSecurityGroup" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "acm:DescribeCertificate", - "acm:ListCertificates", - "cognito-idp:DescribeUserPoolClient", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "elasticloadbalancing:DescribeListenerCertificates", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTargetGroupAttributes", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DeleteSecurityGroup", - "ec2:RevokeSecurityGroupIngress", - "elasticloadbalancing:AddListenerCertificates", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteRule", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:ModifyRule", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:ModifyTargetGroupAttributes", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:RemoveListenerCertificates", - "elasticloadbalancing:RemoveTags", - "elasticloadbalancing:SetIpAddressType", - "elasticloadbalancing:SetSecurityGroups", - "elasticloadbalancing:SetSubnets" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateRule", - "elasticloadbalancing:CreateTargetGroup" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateSecurityGroup", - "Effect": "Allow", - "Resource": "arn:aws-test:ec2:*:*:vpc/*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index a2a9cfce2e..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,26 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeTags", - "ec2:DescribeInstances", - "sqs:DeleteMessage", - "sqs:ReceiveMessage" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "autoscaling:CompleteLifecycleAction", - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 89ba38c735..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,32 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeScalingActivities", - "ec2:DescribeImages", - "ec2:DescribeInstanceTypes", - "ec2:DescribeLaunchTemplateVersions", - "ec2:GetInstanceTypesFromInstanceRequirements" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "autoscaling:SetDesiredCapacity", - "autoscaling:TerminateInstanceInAutoScalingGroup" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index c3f164caee..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,35 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "route53:ChangeResourceRecordSets", - "route53:GetHostedZone", - "route53:ListResourceRecordSets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::hostedzone/Z1AFAKE1ZON3YO" - ] - }, - { - "Action": [ - "route53:GetChange" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::change/*" - ] - }, - { - "Action": [ - "route53:ListHostedZones", - "route53:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy deleted file mode 100644 index 5dd615cd76..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ /dev/null @@ -1,91 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com", - "ec2:CreateAction": [ - "CreateVolume", - "CreateSnapshot" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:snapshot/*", - "arn:aws-test:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:snapshot/*", - "arn:aws-test:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "ec2:CreateSnapshot", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeSnapshots", - "ec2:DescribeTags", - "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications", - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AttachVolume", - "ec2:DeleteSnapshot", - "ec2:DeleteVolume", - "ec2:DetachVolume", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyVolume" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSnapshot", - "ec2:CreateVolume" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "minimal.example.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_masters.minimal.example.com_policy deleted file mode 100644 index d6666452b0..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ /dev/null @@ -1,137 +0,0 @@ -{ - "Statement": [ - { - "Action": "ec2:AttachVolume", - "Condition": { - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "minimal.example.com", - "aws:ResourceTag/k8s.io/role/master": "1" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:Get*" - ], - "Effect": "Allow", - "Resource": "arn:aws-test:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*" - }, - { - "Action": [ - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws-test:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/main/*" - }, - { - "Action": [ - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws-test:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/events/*" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:s3:::placeholder-read-bucket" - ] - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:s3:::placeholder-write-bucket" - ] - }, - { - "Action": [ - "route53:ChangeResourceRecordSets", - "route53:GetHostedZone", - "route53:ListResourceRecordSets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::hostedzone/Z1AFAKE1ZON3YO" - ] - }, - { - "Action": [ - "route53:GetChange" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:route53:::change/*" - ] - }, - { - "Action": [ - "route53:ListHostedZones", - "route53:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:network-interface/*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "ec2:AssignPrivateIpAddresses", - "ec2:AttachNetworkInterface", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRegions", - "ec2:DescribeTags", - "ec2:DescribeVolumes", - "ec2:DetachNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:UnassignPrivateIpAddresses", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "kms:CreateGrant", - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:GenerateDataKey*", - "kms:GenerateRandom", - "kms:ReEncrypt*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_nodes.minimal.example.com_policy deleted file mode 100644 index d18bc3afc1..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ /dev/null @@ -1,48 +0,0 @@ -{ - "Statement": [ - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:ListBucket", - "s3:ListBucketVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:s3:::placeholder-read-bucket" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:network-interface/*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "ec2:AssignPrivateIpAddresses", - "ec2:AttachNetworkInterface", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRegions", - "ec2:DescribeTags", - "ec2:DetachNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:UnassignPrivateIpAddresses", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "kms:GenerateRandom" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data deleted file mode 100644 index 7a1cac56e2..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ /dev/null @@ -1,138 +0,0 @@ -#!/bin/bash -set -o errexit -set -o nounset -set -o pipefail - -NODEUP_URL_AMD64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-amd64 -NODEUP_HASH_AMD64=585fbda0f0a43184656b4bfc0cc5f0c0b85612faf43b8816acca1f99d422c924 -NODEUP_URL_ARM64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-arm64 -NODEUP_HASH_ARM64=7603675379699105a9b9915ff97718ea99b1bbb01a4c184e2f827c8a96e8e865 - -export AWS_REGION=us-test-1 - - - - -sysctl -w net.core.rmem_max=16777216 || true -sysctl -w net.core.wmem_max=16777216 || true -sysctl -w net.ipv4.tcp_rmem='4096 87380 16777216' || true -sysctl -w net.ipv4.tcp_wmem='4096 87380 16777216' || true - - -function ensure-install-dir() { - INSTALL_DIR="/opt/kops" - # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec - if [[ -d /var/lib/toolbox ]]; then - INSTALL_DIR="/var/lib/toolbox/kops" - fi - mkdir -p ${INSTALL_DIR}/bin - mkdir -p ${INSTALL_DIR}/conf - cd ${INSTALL_DIR} -} - -# Retry a download until we get it. args: name, sha, urls -download-or-bust() { - echo "== Downloading $1 with hash $2 from $3 ==" - local -r file="$1" - local -r hash="$2" - local -a urls - mapfile -t urls < <(split-commas "$3") - - if [[ -f "${file}" ]]; then - if ! validate-hash "${file}" "${hash}"; then - rm -f "${file}" - else - return 0 - fi - fi - - while true; do - for url in "${urls[@]}"; do - commands=( - "curl -f --compressed -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget --compression=auto -O ${file} --connect-timeout=20 --tries=6 --wait=10" - "curl -f -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget -O ${file} --connect-timeout=20 --tries=6 --wait=10" - ) - for cmd in "${commands[@]}"; do - echo "== Downloading ${url} using ${cmd} ==" - if ! (${cmd} "${url}"); then - echo "== Failed to download ${url} using ${cmd} ==" - continue - fi - if ! validate-hash "${file}" "${hash}"; then - echo "== Failed to validate hash for ${url} ==" - rm -f "${file}" - else - echo "== Downloaded ${url} with hash ${hash} ==" - return 0 - fi - done - done - - echo "== All downloads failed; sleeping before retrying ==" - sleep 60 - done -} - -validate-hash() { - local -r file="$1" - local -r expected="$2" - local actual - - actual=$(sha256sum "${file}" | awk '{ print $1 }') || true - if [[ "${actual}" != "${expected}" ]]; then - echo "== File ${file} is corrupted; hash ${actual} doesn't match expected ${expected} ==" - return 1 - fi -} - -function split-commas() { - echo "$1" | tr "," "\n" -} - -function download-release() { - case "$(uname -m)" in - x86_64*|i?86_64*|amd64*) - NODEUP_URL="${NODEUP_URL_AMD64}" - NODEUP_HASH="${NODEUP_HASH_AMD64}" - ;; - aarch64*|arm64*) - NODEUP_URL="${NODEUP_URL_ARM64}" - NODEUP_HASH="${NODEUP_HASH_ARM64}" - ;; - *) - echo "Unsupported host arch: $(uname -m)" >&2 - exit 1 - ;; - esac - - cd ${INSTALL_DIR}/bin - download-or-bust nodeup "${NODEUP_HASH}" "${NODEUP_URL}" - - chmod +x nodeup - - echo "== Running nodeup ==" - # We can't run in the foreground because of https://github.com/docker/docker/issues/23793 - ( cd ${INSTALL_DIR}/bin; ./nodeup --install-systemd-unit --conf=${INSTALL_DIR}/conf/kube_env.yaml --v=8 ) -} - -#################################################################################### - -/bin/systemd-machine-id-setup || echo "== Failed to initialize the machine ID; ensure machine-id configured ==" - -echo "== nodeup node config starting ==" -ensure-install-dir - -cat > conf/kube_env.yaml << '__EOF_KUBE_ENV' -CloudProvider: aws -ClusterName: minimal.example.com -ConfigBase: memfs://clusters.example.com/minimal.example.com -InstanceGroupName: master-us-test-1a -InstanceGroupRole: ControlPlane -NodeupConfigHash: CDKhVFdu3Wzi7gM/Guzh59cp2VZqBae3DZ1OQWj2guU= - -__EOF_KUBE_ENV - -download-release -echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_cluster-completed.spec_content deleted file mode 100644 index f3474a4cf8..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_cluster-completed.spec_content +++ /dev/null @@ -1,256 +0,0 @@ -apiVersion: kops.k8s.io/v1alpha2 -kind: Cluster -metadata: - creationTimestamp: "2016-12-10T22:42:27Z" - name: minimal.example.com -spec: - api: - dns: {} - authorization: - alwaysAllow: {} - awsLoadBalancerController: - enabled: true - certManager: - enabled: true - channel: stable - cloudConfig: - awsEBSCSIDriver: - version: v1.33.0 - manageStorageClasses: true - cloudControllerManager: - allocateNodeCIDRs: true - cloudProvider: aws - clusterCIDR: 172.20.128.0/17 - clusterName: minimal.example.com - configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 - leaderElection: - leaderElect: true - cloudProvider: aws - clusterAutoscaler: - awsUseStaticInstanceList: false - balanceSimilarNodeGroups: false - emitPerNodegroupMetrics: false - enabled: true - expander: random - ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 - maxNodeProvisionTime: 15m0s - newPodScaleUpDelay: 0s - scaleDownDelayAfterAdd: 10m0s - scaleDownUnneededTime: 10m0s - scaleDownUnreadyTime: 20m0s - scaleDownUtilizationThreshold: "0.5" - skipNodesWithCustomControllerPods: true - skipNodesWithLocalStorage: true - skipNodesWithSystemPods: true - clusterDNSDomain: cluster.local - configBase: memfs://clusters.example.com/minimal.example.com - containerd: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 - dnsZone: Z1AFAKE1ZON3YO - etcdClusters: - - backups: - backupStore: memfs://clusters.example.com/minimal.example.com/backups/etcd/main - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - manager: - backupRetentionDays: 90 - name: main - version: 3.5.17 - - backups: - backupStore: memfs://clusters.example.com/minimal.example.com/backups/etcd/events - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - manager: - backupRetentionDays: 90 - name: events - version: 3.5.17 - externalDns: - provider: dns-controller - iam: - legacy: false - useServiceAccountExternalPermissions: true - keyStore: memfs://clusters.example.com/minimal.example.com/pki - kubeAPIServer: - allowPrivileged: true - anonymousAuth: false - apiAudiences: - - kubernetes.svc.default - apiServerCount: 1 - authorizationMode: AlwaysAllow - bindAddress: 0.0.0.0 - cloudProvider: external - enableAdmissionPlugins: - - NamespaceLifecycle - - LimitRanger - - ServiceAccount - - DefaultStorageClass - - DefaultTolerationSeconds - - MutatingAdmissionWebhook - - ValidatingAdmissionWebhook - - NodeRestriction - - ResourceQuota - enableAggregatorRouting: true - etcdServers: - - https://127.0.0.1:4001 - etcdServersOverrides: - - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 - kubeletPreferredAddressTypes: - - InternalIP - - Hostname - - ExternalIP - logLevel: 2 - requestheaderAllowedNames: - - aggregator - requestheaderExtraHeaderPrefixes: - - X-Remote-Extra- - requestheaderGroupHeaders: - - X-Remote-Group - requestheaderUsernameHeaders: - - X-Remote-User - securePort: 443 - serviceAccountIssuer: https://discovery.example.com/minimal.example.com - serviceAccountJWKSURI: https://discovery.example.com/minimal.example.com/openid/v1/jwks - serviceClusterIPRange: 100.64.0.0/13 - storageBackend: etcd3 - kubeControllerManager: - allocateNodeCIDRs: true - attachDetachReconcileSyncPeriod: 1m0s - cloudProvider: external - clusterCIDR: 172.20.128.0/17 - clusterName: minimal.example.com - configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 - leaderElection: - leaderElect: true - logLevel: 2 - useServiceAccountCredentials: true - kubeDNS: - cacheMaxConcurrent: 150 - cacheMaxSize: 1000 - cpuRequest: 100m - domain: cluster.local - memoryLimit: 170Mi - memoryRequest: 70Mi - nodeLocalDNS: - additionalConfig: | - googleapis.com:53 { - bind 169.254.20.10 - forward . 10.238.1.130 - } - cpuRequest: 25m - enabled: true - forwardToKubeDNS: false - image: registry.k8s.io/dns/k8s-dns-node-cache:1.23.0 - localIP: 169.254.20.10 - memoryRequest: 5Mi - provider: CoreDNS - serverIP: 100.64.0.10 - kubeProxy: - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 - logLevel: 2 - kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 - leaderElection: - leaderElect: true - logLevel: 2 - kubelet: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 169.254.20.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s - kubernetesApiAccess: - - 0.0.0.0/0 - kubernetesVersion: 1.26.0 - masterKubelet: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 169.254.20.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s - masterPublicName: api.minimal.example.com - metricsServer: - enabled: true - networkCIDR: 172.20.0.0/16 - networking: - amazonvpc: {} - nodeTerminationHandler: - cpuRequest: 50m - deleteSQSMsgIfNodeNotFound: false - enableRebalanceDraining: false - enableRebalanceMonitoring: false - enableScheduledEventDraining: true - enableSpotInterruptionDraining: true - enabled: true - excludeFromLoadBalancers: true - managedASGTag: aws-node-termination-handler/managed - memoryRequest: 64Mi - podTerminationGracePeriod: -1 - prometheusEnable: false - taintNode: false - version: v1.22.0 - nonMasqueradeCIDR: 172.20.0.0/16 - podCIDR: 172.20.128.0/17 - secretStore: memfs://clusters.example.com/minimal.example.com/secrets - serviceAccountIssuerDiscovery: - discoveryStore: memfs://discovery.example.com/minimal.example.com - enableAWSOIDCProvider: true - serviceClusterIPRange: 100.64.0.0/13 - snapshotController: - enabled: true - sshAccess: - - 0.0.0.0/0 - subnets: - - cidr: 172.20.32.0/19 - name: us-test-1a - type: Public - zone: us-test-1a - topology: - dns: - type: Public diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_discovery.json_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_discovery.json_content deleted file mode 100644 index aba05dfd1a..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_discovery.json_content +++ /dev/null @@ -1,18 +0,0 @@ -{ -"issuer": "https://discovery.example.com/minimal.example.com", -"jwks_uri": "https://discovery.example.com/minimal.example.com/openid/v1/jwks", -"authorization_endpoint": "urn:kubernetes:programmatic_authorization", -"response_types_supported": [ -"id_token" -], -"subject_types_supported": [ -"public" -], -"id_token_signing_alg_values_supported": [ -"RS256" -], -"claims_supported": [ -"sub", -"iss" -] -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_keys.json_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_keys.json_content deleted file mode 100644 index ddcbc6ed75..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_keys.json_content +++ /dev/null @@ -1,20 +0,0 @@ -{ -"keys": [ -{ -"use": "sig", -"kty": "RSA", -"kid": "3mNcULfgtWECYyZWY5ow1rOHjiRwEZHx28HQcRec3Ew", -"alg": "RS256", -"n": "2JbeF8dNwqfEKKD65aGlVs58fWkA0qZdVLKw8qATzRBJTi1nqbj2kAR4gyy_C8Mxouxva_om9d7Sq8Ka55T7-w", -"e": "AQAB" -}, -{ -"use": "sig", -"kty": "RSA", -"kid": "G-cZ10iKJqrXhR15ivI7Lg2q_cuL0zN9ouL0vF67FLc", -"alg": "RS256", -"n": "o4Tridlsf4Yz3UAiup_scSTiG_OqxkUW3Fz7zGKvVcLeYj9GEIKuzoB1VFk1nboDq4cCuGLfdzaQdCQKPIsDuw", -"e": "AQAB" -} -] -} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content deleted file mode 100644 index 4eb0d5b03a..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content +++ /dev/null @@ -1,137 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null - labels: - k8s-app: etcd-manager-events - name: etcd-manager-events - namespace: kube-system -spec: - containers: - - command: - - /bin/sh - - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd/events - --client-urls=https://__name__:4002 --cluster-name=etcd-events --containerized=true - --dns-suffix=.internal.minimal.example.com --grpc-port=3997 --peer-urls=https://__name__:2381 - --quarantine-client-urls=https://__name__:3995 --v=6 --volume-name-tag=k8s.io/etcd/events - --volume-provider=aws --volume-tag=k8s.io/etcd/events --volume-tag=k8s.io/role/control-plane=1 - --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 - env: - - name: ETCD_MANAGER_DAILY_BACKUPS_RETENTION - value: 90d - image: registry.k8s.io/etcd-manager/etcd-manager-slim:v3.0.20241012 - name: etcd-manager - resources: - requests: - cpu: 200m - memory: 100Mi - securityContext: - privileged: true - volumeMounts: - - mountPath: /rootfs - name: rootfs - - mountPath: /run - name: run - - mountPath: /etc/kubernetes/pki/etcd-manager - name: pki - - mountPath: /opt - name: opt - - mountPath: /var/log/etcd.log - name: varlogetcd - hostNetwork: true - hostPID: true - initContainers: - - args: - - --target-dir=/opt/kops-utils/ - - --src=/ko-app/kops-utils-cp - command: - - /ko-app/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: kops-utils-cp - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.4.13 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.4.13-0 - name: init-etcd-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.5.17 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.5.17-0 - name: init-etcd-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.4.3 - - --src=/opt/etcd-v3.4.13/etcd - - --src=/opt/etcd-v3.4.13/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.5.0 - - --target-dir=/opt/etcd-v3.5.1 - - --target-dir=/opt/etcd-v3.5.13 - - --target-dir=/opt/etcd-v3.5.3 - - --target-dir=/opt/etcd-v3.5.4 - - --target-dir=/opt/etcd-v3.5.6 - - --target-dir=/opt/etcd-v3.5.7 - - --target-dir=/opt/etcd-v3.5.9 - - --src=/opt/etcd-v3.5.17/etcd - - --src=/opt/etcd-v3.5.17/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - priorityClassName: system-cluster-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: rootfs - - hostPath: - path: /run - type: DirectoryOrCreate - name: run - - hostPath: - path: /etc/kubernetes/pki/etcd-manager-events - type: DirectoryOrCreate - name: pki - - emptyDir: {} - name: opt - - hostPath: - path: /var/log/etcd-events.log - type: FileOrCreate - name: varlogetcd -status: {} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content deleted file mode 100644 index e2d9e5d30a..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content +++ /dev/null @@ -1,137 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null - labels: - k8s-app: etcd-manager-main - name: etcd-manager-main - namespace: kube-system -spec: - containers: - - command: - - /bin/sh - - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd/main - --client-urls=https://__name__:4001 --cluster-name=etcd --containerized=true - --dns-suffix=.internal.minimal.example.com --grpc-port=3996 --peer-urls=https://__name__:2380 - --quarantine-client-urls=https://__name__:3994 --v=6 --volume-name-tag=k8s.io/etcd/main - --volume-provider=aws --volume-tag=k8s.io/etcd/main --volume-tag=k8s.io/role/control-plane=1 - --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 - env: - - name: ETCD_MANAGER_DAILY_BACKUPS_RETENTION - value: 90d - image: registry.k8s.io/etcd-manager/etcd-manager-slim:v3.0.20241012 - name: etcd-manager - resources: - requests: - cpu: 200m - memory: 100Mi - securityContext: - privileged: true - volumeMounts: - - mountPath: /rootfs - name: rootfs - - mountPath: /run - name: run - - mountPath: /etc/kubernetes/pki/etcd-manager - name: pki - - mountPath: /opt - name: opt - - mountPath: /var/log/etcd.log - name: varlogetcd - hostNetwork: true - hostPID: true - initContainers: - - args: - - --target-dir=/opt/kops-utils/ - - --src=/ko-app/kops-utils-cp - command: - - /ko-app/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: kops-utils-cp - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.4.13 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.4.13-0 - name: init-etcd-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --target-dir=/opt/etcd-v3.5.17 - - --src=/usr/local/bin/etcd - - --src=/usr/local/bin/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/etcd:3.5.17-0 - name: init-etcd-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.4.3 - - --src=/opt/etcd-v3.4.13/etcd - - --src=/opt/etcd-v3.4.13/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-4-13 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - - args: - - --symlink - - --target-dir=/opt/etcd-v3.5.0 - - --target-dir=/opt/etcd-v3.5.1 - - --target-dir=/opt/etcd-v3.5.13 - - --target-dir=/opt/etcd-v3.5.3 - - --target-dir=/opt/etcd-v3.5.4 - - --target-dir=/opt/etcd-v3.5.6 - - --target-dir=/opt/etcd-v3.5.7 - - --target-dir=/opt/etcd-v3.5.9 - - --src=/opt/etcd-v3.5.17/etcd - - --src=/opt/etcd-v3.5.17/etcdctl - command: - - /opt/kops-utils/kops-utils-cp - image: registry.k8s.io/kops/kops-utils-cp:1.31.0-beta.1 - name: init-etcd-symlinks-3-5-17 - resources: {} - volumeMounts: - - mountPath: /opt - name: opt - priorityClassName: system-cluster-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: rootfs - - hostPath: - path: /run - type: DirectoryOrCreate - name: run - - hostPath: - path: /etc/kubernetes/pki/etcd-manager-main - type: DirectoryOrCreate - name: pki - - emptyDir: {} - name: opt - - hostPath: - path: /var/log/etcd.log - type: FileOrCreate - name: varlogetcd -status: {} diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content deleted file mode 100644 index 03aa43bf09..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ /dev/null @@ -1,253 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - k8s-app: aws-cloud-controller-manager - name: aws-cloud-controller-manager - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: aws-cloud-controller-manager - template: - metadata: - creationTimestamp: null - labels: - k8s-app: aws-cloud-controller-manager - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --allocate-node-cidrs=true - - --cloud-provider=aws - - --cluster-cidr=172.20.128.0/17 - - --cluster-name=minimal.example.com - - --configure-cloud-routes=false - - --leader-elect=true - - --v=2 - - --use-service-account-credentials=true - - --cloud-config=/etc/kubernetes/cloud.config - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 - imagePullPolicy: IfNotPresent - name: aws-cloud-controller-manager - resources: - requests: - cpu: 200m - volumeMounts: - - mountPath: /etc/kubernetes/cloud.config - name: cloudconfig - readOnly: true - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - hostNetwork: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 10001 - serviceAccountName: aws-cloud-controller-manager - tolerations: - - effect: NoSchedule - key: node.cloudprovider.kubernetes.io/uninitialized - value: "true" - - effect: NoSchedule - key: node.kubernetes.io/not-ready - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - - effect: NoSchedule - key: node-role.kubernetes.io/master - volumes: - - hostPath: - path: /etc/kubernetes/cloud.config - type: "" - name: cloudconfig - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - updateStrategy: - type: RollingUpdate - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: aws-cloud-controller-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: cloud-controller-manager:apiserver-authentication-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- apiGroup: "" - kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: system:cloud-controller-manager -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update -- apiGroups: - - "" - resources: - - nodes - verbs: - - '*' -- apiGroups: - - "" - resources: - - nodes/status - verbs: - - patch -- apiGroups: - - "" - resources: - - services - verbs: - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - get -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - list - - watch - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - node-controller - - service-controller - - route-controller - resources: - - serviceaccounts/token - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: aws-cloud-controller.addons.k8s.io - name: system:cloud-controller-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:cloud-controller-manager -subjects: -- apiGroup: "" - kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content deleted file mode 100644 index f5f3572927..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content +++ /dev/null @@ -1,1209 +0,0 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-attacher-role -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - csi.storage.k8s.io - resources: - - csinodeinfos - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node-role -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - patch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-provisioner-role -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - create - - patch - - delete -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch - - update -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - get - - list -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - get - - list -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattributesclasses - verbs: - - get - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-resizer-role -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - update - - patch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattributesclasses - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-external-snapshotter-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - update - - delete - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-attacher-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-attacher-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node-getter-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-csi-node-role -subjects: -- kind: ServiceAccount - name: ebs-csi-node-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-provisioner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-provisioner-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-resizer-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-resizer-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-snapshotter-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ebs-external-snapshotter-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-leases-role - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-leases-rolebinding - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ebs-csi-leases-role -subjects: -- kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app: ebs-csi-controller - app.kubernetes.io/managed-by: kops - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller - namespace: kube-system -spec: - ports: - - name: metrics - port: 3301 - targetPort: 3301 - selector: - app: ebs-csi-controller - type: ClusterIP - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-node - namespace: kube-system -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - app: ebs-csi-node - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - template: - metadata: - creationTimestamp: null - labels: - app: ebs-csi-node - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: topology.kubernetes.io/zone - operator: Exists - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate - - key: node.kubernetes.io/instance-type - operator: NotIn - values: - - a1.medium - - a1.large - - a1.xlarge - - a1.2xlarge - - a1.4xlarge - containers: - - args: - - node - - --endpoint=$(CSI_ENDPOINT) - - --logging-format=text - - --v=2 - env: - - name: AWS_REGION - value: us-test-1 - - name: CSI_ENDPOINT - value: unix:/csi/csi.sock - - name: CSI_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.33.0 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /bin/aws-ebs-csi-driver - - pre-stop-hook - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - name: ebs-plugin - ports: - - containerPort: 9808 - name: healthz - protocol: TCP - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - privileged: true - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /var/lib/kubelet - mountPropagation: Bidirectional - name: kubelet-dir - - mountPath: /csi - name: plugin-dir - - mountPath: /dev - name: device-dir - - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar:v2.11.0-eks-1-30-10 - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /csi-node-driver-registrar - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --mode=kubelet-registration-probe - initialDelaySeconds: 30 - periodSeconds: 90 - timeoutSeconds: 15 - name: node-driver-registrar - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /csi - name: plugin-dir - - mountPath: /registration - name: registration-dir - - mountPath: /var/lib/kubelet/plugins/ebs.csi.aws.com/ - name: probe-dir - - args: - - --csi-address=/csi/csi.sock - image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.13.0-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: liveness-probe - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /csi - name: plugin-dir - hostNetwork: false - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - securityContext: - fsGroup: 0 - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - serviceAccountName: ebs-csi-node-sa - terminationGracePeriodSeconds: 30 - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /var/lib/kubelet - type: Directory - name: kubelet-dir - - hostPath: - path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ - type: DirectoryOrCreate - name: plugin-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: Directory - name: registration-dir - - hostPath: - path: /dev - type: Directory - name: device-dir - - emptyDir: {} - name: probe-dir - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs-csi-controller - namespace: kube-system -spec: - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app: ebs-csi-controller - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate - weight: 1 - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - ebs-csi-controller - topologyKey: kubernetes.io/hostname - weight: 100 - containers: - - args: - - controller - - --endpoint=$(CSI_ENDPOINT) - - --k8s-tag-cluster-id=minimal.example.com - - --extra-tags=KubernetesCluster=minimal.example.com - - --http-endpoint=0.0.0.0:3301 - - --batching=true - - --logging-format=text - - --v=5 - env: - - name: AWS_REGION - value: us-test-1 - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: CSI_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - key: key_id - name: aws-secret - optional: true - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - key: access_key - name: aws-secret - optional: true - - name: AWS_EC2_ENDPOINT - valueFrom: - configMapKeyRef: - key: endpoint - name: aws-meta - optional: true - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.33.0 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - name: ebs-plugin - ports: - - containerPort: 9811 - name: healthz - protocol: TCP - - containerPort: 3301 - name: metrics - protocol: TCP - readinessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --feature-gates=Topology=true - - --extra-create-metadata - - --leader-election=true - - --default-fstype=ext4 - - --kube-api-qps=20 - - --kube-api-burst=100 - - --worker-threads=100 - - --retry-interval-max=30m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner:v5.0.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-provisioner - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --leader-election=true - - --kube-api-qps=20 - - --kube-api-burst=100 - - --worker-threads=100 - - --retry-interval-max=5m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-attacher:v4.6.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-attacher - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --csi-address=$(ADDRESS) - - --leader-election=true - - --extra-create-metadata - - --kube-api-qps=20 - - --kube-api-burst=100 - - --worker-threads=100 - - --retry-interval-max=30m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter:v8.0.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-snapshotter - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --leader-election=true - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s:v0.3.0 - imagePullPolicy: IfNotPresent - name: volumemodifier - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --timeout=60s - - --csi-address=$(ADDRESS) - - --v=5 - - --handle-volume-inuse-error=false - - --leader-election=true - - --kube-api-qps=20 - - --kube-api-burst=100 - - --workers=100 - - --retry-interval-max=30m - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/external-resizer:v1.11.1-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: csi-resizer - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - - args: - - --csi-address=/csi/csi.sock - - --http-endpoint=0.0.0.0:9811 - env: - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/ebs-csi-controller-sa.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe:v2.13.0-eks-1-30-10 - imagePullPolicy: IfNotPresent - name: liveness-probe - resources: - limits: - memory: 256Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1000 - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - serviceAccountName: ebs-csi-controller-sa - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - tolerationSeconds: 300 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: ebs-csi-controller - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/name: aws-ebs-csi-driver - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - emptyDir: {} - name: socket-dir - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io - app.kubernetes.io/component: csi-driver - app.kubernetes.io/instance: aws-ebs-csi-driver - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-ebs-csi-driver - app.kubernetes.io/version: v1.33.0 - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - name: ebs.csi.aws.com -spec: - attachRequired: true - podInfoOnMount: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content deleted file mode 100644 index dea787ab0d..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content +++ /dev/null @@ -1,1264 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: ingressclassparams.elbv2.k8s.aws -spec: - group: elbv2.k8s.aws - names: - kind: IngressClassParams - listKind: IngressClassParamsList - plural: ingressclassparams - singular: ingressclassparams - scope: Cluster - versions: - - additionalPrinterColumns: - - description: The Ingress Group name - jsonPath: .spec.group.name - name: GROUP-NAME - type: string - - description: The AWS Load Balancer scheme - jsonPath: .spec.scheme - name: SCHEME - type: string - - description: The AWS Load Balancer ipAddressType - jsonPath: .spec.ipAddressType - name: IP-ADDRESS-TYPE - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IngressClassParams is the Schema for the IngressClassParams API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IngressClassParamsSpec defines the desired state of IngressClassParams - properties: - group: - description: Group defines the IngressGroup for all Ingresses that - belong to IngressClass with this IngressClassParams. - properties: - name: - description: Name is the name of IngressGroup. - type: string - required: - - name - type: object - inboundCIDRs: - description: InboundCIDRs specifies the CIDRs that are allowed to - access the Ingresses that belong to IngressClass with this IngressClassParams. - items: - type: string - type: array - ipAddressType: - description: IPAddressType defines the ip address type for all Ingresses - that belong to IngressClass with this IngressClassParams. - enum: - - ipv4 - - dualstack - type: string - loadBalancerAttributes: - description: LoadBalancerAttributes define the custom attributes to - LoadBalancers for all Ingress that that belong to IngressClass with - this IngressClassParams. - items: - description: Attributes defines custom attributes on resources. - properties: - key: - description: The key of the attribute. - type: string - value: - description: The value of the attribute. - type: string - required: - - key - - value - type: object - type: array - namespaceSelector: - description: NamespaceSelector restrict the namespaces of Ingresses - that are allowed to specify the IngressClass with this IngressClassParams. - * if absent or present but empty, it selects all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - scheme: - description: Scheme defines the scheme for all Ingresses that belong - to IngressClass with this IngressClassParams. - enum: - - internal - - internet-facing - type: string - sslPolicy: - description: SSLPolicy specifies the SSL Policy for all Ingresses - that belong to IngressClass with this IngressClassParams. - type: string - subnets: - description: Subnets defines the subnets for all Ingresses that belong - to IngressClass with this IngressClassParams. - properties: - ids: - description: IDs specify the resource IDs of subnets. Exactly - one of this or `tags` must be specified. - items: - description: SubnetID specifies a subnet ID. - pattern: subnet-[0-9a-f]+ - type: string - minItems: 1 - type: array - tags: - additionalProperties: - items: - type: string - type: array - description: Tags specifies subnets in the load balancer's VPC - where each tag specified in the map key contains one of the - values in the corresponding value list. Exactly one of this - or `ids` must be specified. - type: object - type: object - tags: - description: Tags defines list of Tags on AWS resources provisioned - for Ingresses that belong to IngressClass with this IngressClassParams. - items: - description: Tag defines a AWS Tag on resources. - properties: - key: - description: The key of the tag. - type: string - value: - description: The value of the tag. - type: string - required: - - key - - value - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: targetgroupbindings.elbv2.k8s.aws -spec: - group: elbv2.k8s.aws - names: - kind: TargetGroupBinding - listKind: TargetGroupBindingList - plural: targetgroupbindings - singular: targetgroupbinding - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The Kubernetes Service's name - jsonPath: .spec.serviceRef.name - name: SERVICE-NAME - type: string - - description: The Kubernetes Service's port - jsonPath: .spec.serviceRef.port - name: SERVICE-PORT - type: string - - description: The AWS TargetGroup's TargetType - jsonPath: .spec.targetType - name: TARGET-TYPE - type: string - - description: The AWS TargetGroup's Amazon Resource Name - jsonPath: .spec.targetGroupARN - name: ARN - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: TargetGroupBinding is the Schema for the TargetGroupBinding API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding - properties: - networking: - description: networking provides the networking setup for ELBV2 LoadBalancer - to access targets in TargetGroup. - properties: - ingress: - description: List of ingress rules to allow ELBV2 LoadBalancer - to access targets in TargetGroup. - items: - properties: - from: - description: List of peers which should be able to access - the targets in TargetGroup. At least one NetworkingPeer - should be specified. - items: - description: NetworkingPeer defines the source/destination - peer for networking rules. - properties: - ipBlock: - description: IPBlock defines an IPBlock peer. If specified, - none of the other fields can be set. - properties: - cidr: - description: CIDR is the network CIDR. Both IPV4 - or IPV6 CIDR are accepted. - type: string - required: - - cidr - type: object - securityGroup: - description: SecurityGroup defines a SecurityGroup - peer. If specified, none of the other fields can - be set. - properties: - groupID: - description: GroupID is the EC2 SecurityGroupID. - type: string - required: - - groupID - type: object - type: object - type: array - ports: - description: List of ports which should be made accessible - on the targets in TargetGroup. If ports is empty or unspecified, - it defaults to all ports with TCP. - items: - properties: - port: - anyOf: - - type: integer - - type: string - description: The port which traffic must match. When - NodePort endpoints(instance TargetType) is used, - this must be a numerical port. When Port endpoints(ip - TargetType) is used, this can be either numerical - or named port on pods. if port is unspecified, it - defaults to all ports. - x-kubernetes-int-or-string: true - protocol: - description: The protocol which traffic must match. - If protocol is unspecified, it defaults to TCP. - enum: - - TCP - - UDP - type: string - type: object - type: array - required: - - from - - ports - type: object - type: array - type: object - serviceRef: - description: serviceRef is a reference to a Kubernetes Service and - ServicePort. - properties: - name: - description: Name is the name of the Service. - type: string - port: - anyOf: - - type: integer - - type: string - description: Port is the port of the ServicePort. - x-kubernetes-int-or-string: true - required: - - name - - port - type: object - targetGroupARN: - description: targetGroupARN is the Amazon Resource Name (ARN) for - the TargetGroup. - type: string - targetType: - description: targetType is the TargetType of TargetGroup. If unspecified, - it will be automatically inferred. - enum: - - instance - - ip - type: string - required: - - serviceRef - - targetGroupARN - type: object - status: - description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding - properties: - observedGeneration: - description: The generation observed by the TargetGroupBinding controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: The Kubernetes Service's name - jsonPath: .spec.serviceRef.name - name: SERVICE-NAME - type: string - - description: The Kubernetes Service's port - jsonPath: .spec.serviceRef.port - name: SERVICE-PORT - type: string - - description: The AWS TargetGroup's TargetType - jsonPath: .spec.targetType - name: TARGET-TYPE - type: string - - description: The AWS TargetGroup's Amazon Resource Name - jsonPath: .spec.targetGroupARN - name: ARN - priority: 1 - type: string - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: TargetGroupBinding is the Schema for the TargetGroupBinding API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding - properties: - ipAddressType: - description: ipAddressType specifies whether the target group is of - type IPv4 or IPv6. If unspecified, it will be automatically inferred. - enum: - - ipv4 - - ipv6 - type: string - networking: - description: networking defines the networking rules to allow ELBV2 - LoadBalancer to access targets in TargetGroup. - properties: - ingress: - description: List of ingress rules to allow ELBV2 LoadBalancer - to access targets in TargetGroup. - items: - description: NetworkingIngressRule defines a particular set - of traffic that is allowed to access TargetGroup's targets. - properties: - from: - description: List of peers which should be able to access - the targets in TargetGroup. At least one NetworkingPeer - should be specified. - items: - description: NetworkingPeer defines the source/destination - peer for networking rules. - properties: - ipBlock: - description: IPBlock defines an IPBlock peer. If specified, - none of the other fields can be set. - properties: - cidr: - description: CIDR is the network CIDR. Both IPV4 - or IPV6 CIDR are accepted. - type: string - required: - - cidr - type: object - securityGroup: - description: SecurityGroup defines a SecurityGroup - peer. If specified, none of the other fields can - be set. - properties: - groupID: - description: GroupID is the EC2 SecurityGroupID. - type: string - required: - - groupID - type: object - type: object - type: array - ports: - description: List of ports which should be made accessible - on the targets in TargetGroup. If ports is empty or unspecified, - it defaults to all ports with TCP. - items: - description: NetworkingPort defines the port and protocol - for networking rules. - properties: - port: - anyOf: - - type: integer - - type: string - description: The port which traffic must match. When - NodePort endpoints(instance TargetType) is used, - this must be a numerical port. When Port endpoints(ip - TargetType) is used, this can be either numerical - or named port on pods. if port is unspecified, it - defaults to all ports. - x-kubernetes-int-or-string: true - protocol: - description: The protocol which traffic must match. - If protocol is unspecified, it defaults to TCP. - enum: - - TCP - - UDP - type: string - type: object - type: array - required: - - from - - ports - type: object - type: array - type: object - nodeSelector: - description: node selector for instance type target groups to only - register certain nodes - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - serviceRef: - description: serviceRef is a reference to a Kubernetes Service and - ServicePort. - properties: - name: - description: Name is the name of the Service. - type: string - port: - anyOf: - - type: integer - - type: string - description: Port is the port of the ServicePort. - x-kubernetes-int-or-string: true - required: - - name - - port - type: object - targetGroupARN: - description: targetGroupARN is the Amazon Resource Name (ARN) for - the TargetGroup. - minLength: 1 - type: string - targetType: - description: targetType is the TargetType of TargetGroup. If unspecified, - it will be automatically inferred. - enum: - - instance - - ip - type: string - required: - - serviceRef - - targetGroupARN - type: object - status: - description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding - properties: - observedGeneration: - description: The generation observed by the TargetGroupBinding controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/component: controller - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-leader-election-role - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - "" - resourceNames: - - aws-load-balancer-controller-leader - resources: - - configmaps - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - aws-load-balancer-controller-leader - resources: - - leases - verbs: - - get - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-role -rules: -- apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods/status - verbs: - - patch - - update -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services/status - verbs: - - patch - - update -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - elbv2.k8s.aws - resources: - - ingressclassparams - verbs: - - get - - list - - watch -- apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - elbv2.k8s.aws - resources: - - targetgroupbindings/status - verbs: - - patch - - update -- apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - extensions - resources: - - ingresses/status - verbs: - - patch - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-leader-election-rolebinding - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: aws-load-balancer-controller-leader-election-role -subjects: -- kind: ServiceAccount - name: aws-load-balancer-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aws-load-balancer-controller-role -subjects: -- kind: ServiceAccount - name: aws-load-balancer-controller - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-webhook-service - namespace: kube-system -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/component: controller - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --metrics-bind-addr=:9442 - - --cluster-name=minimal.example.com - - --enable-waf=false - - --enable-wafv2=false - - --enable-shield=false - - --ingress-class=alb - - --default-tags=KubernetesCluster=minimal.example.com - - --aws-region=us-test-1 - env: - - name: NODENAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/aws-load-balancer-controller.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/eks/aws-load-balancer-controller:v2.7.2 - livenessProbe: - failureThreshold: 2 - httpGet: - path: /healthz - port: 61779 - scheme: HTTP - initialDelaySeconds: 30 - timeoutSeconds: 10 - name: controller - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - resources: - limits: - cpu: 200m - memory: 500Mi - requests: - cpu: 100m - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1337 - serviceAccountName: aws-load-balancer-controller - terminationGracePeriodSeconds: 10 - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: aws-load-balancer-webhook-tls - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-serving-cert - namespace: kube-system -spec: - dnsNames: - - aws-load-balancer-webhook-service.kube-system.svc - - aws-load-balancer-webhook-service.kube-system.svc.cluster.local - issuerRef: - kind: Issuer - name: aws-load-balancer-selfsigned-issuer - secretName: aws-load-balancer-webhook-tls - ---- - -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-selfsigned-issuer - namespace: kube-system -spec: - selfSigned: {} - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: kube-system/aws-load-balancer-serving-cert - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-webhook -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /mutate-v1-service - failurePolicy: Fail - name: mservice.elbv2.k8s.aws - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - aws-load-balancer-controller - - cert-manager - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - services - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /mutate-v1-pod - failurePolicy: Fail - name: mpod.elbv2.k8s.aws - namespaceSelector: - matchExpressions: - - key: elbv2.k8s.aws/pod-readiness-gate-inject - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - aws-load-balancer-controller - - cert-manager - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - resources: - - pods - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /mutate-elbv2-k8s-aws-v1beta1-targetgroupbinding - failurePolicy: Fail - name: mtargetgroupbinding.elbv2.k8s.aws - rules: - - apiGroups: - - elbv2.k8s.aws - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - targetgroupbindings - sideEffects: None - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: kube-system/aws-load-balancer-serving-cert - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-webhook -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /validate-elbv2-k8s-aws-v1beta1-ingressclassparams - failurePolicy: Fail - name: vingressclassparams.elbv2.k8s.aws - objectSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: NotIn - values: - - aws-load-balancer-controller - rules: - - apiGroups: - - elbv2.k8s.aws - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - ingressclassparams - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /validate-elbv2-k8s-aws-v1beta1-targetgroupbinding - failurePolicy: Fail - name: vtargetgroupbinding.elbv2.k8s.aws - rules: - - apiGroups: - - elbv2.k8s.aws - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - targetgroupbindings - sideEffects: None -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: aws-load-balancer-webhook-service - namespace: kube-system - path: /validate-networking-v1-ingress - failurePolicy: Fail - matchPolicy: Equivalent - name: vingress.elbv2.k8s.aws - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - ---- - -apiVersion: elbv2.k8s.aws/v1beta1 -kind: IngressClassParams -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: alb - ---- - -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: alb -spec: - controller: ingress.k8s.aws/alb - parameters: - apiGroup: elbv2.k8s.aws - kind: IngressClassParams - name: alb - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io - app.kubernetes.io/component: controller - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-load-balancer-controller - k8s-addon: aws-load-balancer-controller.addons.k8s.io - name: aws-load-balancer-controller - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: aws-load-balancer-controller diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content deleted file mode 100644 index a1cbcf7076..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ /dev/null @@ -1,216 +0,0 @@ -kind: Addons -metadata: - creationTimestamp: null - name: bootstrap -spec: - addons: - - id: k8s-1.16 - manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 - name: kops-controller.addons.k8s.io - needsRollingUpdate: control-plane - selector: - k8s-addon: kops-controller.addons.k8s.io - version: 9.99.0 - - id: k8s-1.12 - manifest: coredns.addons.k8s.io/k8s-1.12.yaml - manifestHash: 591e3b40d00949575616698ce1c9230db8cb00bdab4f8a0d5ef14080a1d7a93c - name: coredns.addons.k8s.io - selector: - k8s-addon: coredns.addons.k8s.io - version: 9.99.0 - - id: k8s-1.9 - manifest: kubelet-api.rbac.addons.k8s.io/k8s-1.9.yaml - manifestHash: 01c120e887bd98d82ef57983ad58a0b22bc85efb48108092a24c4b82e4c9ea81 - name: kubelet-api.rbac.addons.k8s.io - selector: - k8s-addon: kubelet-api.rbac.addons.k8s.io - version: 9.99.0 - - manifest: limit-range.addons.k8s.io/v1.5.0.yaml - manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 - name: limit-range.addons.k8s.io - selector: - k8s-addon: limit-range.addons.k8s.io - version: 9.99.0 - - id: k8s-1.12 - manifest: dns-controller.addons.k8s.io/k8s-1.12.yaml - manifestHash: be276bd85459d2d34b26a95d3c9492939bb386ce39f13212db484d23aa57da22 - name: dns-controller.addons.k8s.io - selector: - k8s-addon: dns-controller.addons.k8s.io - version: 9.99.0 - - id: k8s-1.12 - manifest: nodelocaldns.addons.k8s.io/k8s-1.12.yaml - manifestHash: c5d7f108f79f99e99173fff8a7056f6acbf3bf02967fa91034170095ac67d47b - name: nodelocaldns.addons.k8s.io - needsRollingUpdate: all - selector: - k8s-addon: nodelocaldns.addons.k8s.io - version: 9.99.0 - - id: k8s-1.15 - manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: 3764bb2698fcd6ad15853cf437c1664e7f46acfee77fdc3c686f1aa000ab4006 - name: cluster-autoscaler.addons.k8s.io - selector: - k8s-addon: cluster-autoscaler.addons.k8s.io - version: 9.99.0 - - id: k8s-1.11 - manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml - manifestHash: 5a79936723087694804b3f2dd19917119822494bb92c2ea8f8554729bb293e9f - name: metrics-server.addons.k8s.io - needsPKI: true - selector: - k8s-app: metrics-server - version: 9.99.0 - - id: k8s-1.16 - manifest: certmanager.io/k8s-1.16.yaml - manifestHash: e9a1f65a8e57904e77e1b5e9f429ca56e154eb73ed2a536e1fb39746573dba21 - name: certmanager.io - prune: - kinds: - - kind: ConfigMap - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - kind: Service - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - kind: ServiceAccount - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: admissionregistration.k8s.io - kind: MutatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: admissionregistration.k8s.io - kind: ValidatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: apps - kind: DaemonSet - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: apps - kind: Deployment - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: apps - kind: StatefulSet - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: policy - kind: PodDisruptionBudget - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: ClusterRole - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: ClusterRoleBinding - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: Role - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: rbac.authorization.k8s.io - kind: RoleBinding - labelSelector: addon.kops.k8s.io/name=certmanager.io,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - selector: null - version: 9.99.0 - - id: k8s-1.11 - manifest: node-termination-handler.aws/k8s-1.11.yaml - manifestHash: 09840259d2fc87e0f9704d14df71a803b21e5f9a65017929f4721eb191b53f70 - name: node-termination-handler.aws - prune: - kinds: - - kind: ConfigMap - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - kind: Service - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - kind: ServiceAccount - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: admissionregistration.k8s.io - kind: MutatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: admissionregistration.k8s.io - kind: ValidatingWebhookConfiguration - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: apps - kind: DaemonSet - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: apps - kind: Deployment - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: apps - kind: StatefulSet - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: policy - kind: PodDisruptionBudget - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - namespaces: - - kube-system - - group: rbac.authorization.k8s.io - kind: ClusterRole - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: ClusterRoleBinding - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: Role - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - - group: rbac.authorization.k8s.io - kind: RoleBinding - labelSelector: addon.kops.k8s.io/name=node-termination-handler.aws,app.kubernetes.io/managed-by=kops - selector: - k8s-addon: node-termination-handler.aws - version: 9.99.0 - - id: k8s-1.19 - manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml - manifestHash: f32c0c5f258e9fb26f8a69b7a2e9ece3738d737552e774d8d84896dcab323782 - name: aws-load-balancer-controller.addons.k8s.io - needsPKI: true - selector: - k8s-addon: aws-load-balancer-controller.addons.k8s.io - version: 9.99.0 - - id: v1.15.0 - manifest: storage-aws.addons.k8s.io/v1.15.0.yaml - manifestHash: 4e2cda50cd5048133aad1b5e28becb60f4629d3f9e09c514a2757c27998b4200 - name: storage-aws.addons.k8s.io - selector: - k8s-addon: storage-aws.addons.k8s.io - version: 9.99.0 - - id: k8s-1.16 - manifest: networking.amazon-vpc-routed-eni/k8s-1.16.yaml - manifestHash: f7c29b8c7ecc81826fbb05c53bc443f4e387a0e1dd375b9dbdd71de95674a479 - name: networking.amazon-vpc-routed-eni - needsRollingUpdate: all - selector: - role.kubernetes.io/networking: "1" - version: 9.99.0 - - id: k8s-1.18 - manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 61d8aed7126cff29860f5b09a092010af18071fa057edaa5cdc3ab3a38cc6ef2 - name: aws-cloud-controller.addons.k8s.io - selector: - k8s-addon: aws-cloud-controller.addons.k8s.io - version: 9.99.0 - - id: k8s-1.17 - manifest: aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml - manifestHash: db7ca215ecd9c12f6f746b37865600f8130ef9844faf7bad48ba8e661fd83ee7 - name: aws-ebs-csi-driver.addons.k8s.io - selector: - k8s-addon: aws-ebs-csi-driver.addons.k8s.io - version: 9.99.0 - - id: k8s-1.20 - manifest: snapshot-controller.addons.k8s.io/k8s-1.20.yaml - manifestHash: 06a1cffd153dc7f8cf75853da3683d3a68b55411883d84b9bebf049fc746b980 - name: snapshot-controller.addons.k8s.io - needsPKI: true - selector: - k8s-addon: snapshot-controller.addons.k8s.io - version: 9.99.0 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content deleted file mode 100644 index aa9800e409..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content +++ /dev/null @@ -1,10095 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: certificaterequests.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: CertificateRequest - listKind: CertificateRequestList - plural: certificaterequests - shortNames: - - cr - - crs - singular: certificaterequest - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Approved")].status - name: Approved - type: string - - jsonPath: .status.conditions[?(@.type=="Denied")].status - name: Denied - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - type: string - - jsonPath: .spec.username - name: Requestor - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: "A CertificateRequest is used to request a signed certificate - from one of the configured issuers. \n All fields within the CertificateRequest's - `spec` are immutable after creation. A CertificateRequest will either succeed - or fail, as denoted by its `status.state` field. \n A CertificateRequest - is a one-shot resource, meaning it represents a single point in time request - for a certificate and cannot be re-used." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the CertificateRequest resource. - properties: - duration: - description: The requested 'duration' (i.e. lifetime) of the Certificate. - This option may be ignored/overridden by some issuer types. - type: string - extra: - additionalProperties: - items: - type: string - type: array - description: Extra contains extra attributes of the user that created - the CertificateRequest. Populated by the cert-manager webhook on - creation and immutable. - type: object - groups: - description: Groups contains group membership of the user that created - the CertificateRequest. Populated by the cert-manager webhook on - creation and immutable. - items: - type: string - type: array - x-kubernetes-list-type: atomic - isCA: - description: IsCA will request to mark the certificate as valid for - certificate signing when submitting to the issuer. This will automatically - add the `cert sign` usage to the list of `usages`. - type: boolean - issuerRef: - description: IssuerRef is a reference to the issuer for this CertificateRequest. If - the `kind` field is not set, or set to `Issuer`, an Issuer resource - with the given name in the same namespace as the CertificateRequest - will be used. If the `kind` field is set to `ClusterIssuer`, a - ClusterIssuer with the provided name will be used. The `name` field - in this stanza is required at all times. The group field refers - to the API group of the issuer which defaults to `cert-manager.io` - if empty. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - request: - description: The PEM-encoded x509 certificate signing request to be - submitted to the CA for signing. - format: byte - type: string - uid: - description: UID contains the uid of the user that created the CertificateRequest. - Populated by the cert-manager webhook on creation and immutable. - type: string - usages: - description: Usages is the set of x509 usages that are requested for - the certificate. If usages are set they SHOULD be encoded inside - the CSR spec Defaults to `digital signature` and `key encipherment` - if not specified. - items: - description: "KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 - \n Valid KeyUsage values are as follows: \"signing\", \"digital - signature\", \"content commitment\", \"key encipherment\", \"key - agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", - \"encipher only\", \"decipher only\", \"any\", \"server auth\", - \"client auth\", \"code signing\", \"email protection\", \"s/mime\", - \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", - \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" - enum: - - signing - - digital signature - - content commitment - - key encipherment - - key agreement - - data encipherment - - cert sign - - crl sign - - encipher only - - decipher only - - any - - server auth - - client auth - - code signing - - email protection - - s/mime - - ipsec end system - - ipsec tunnel - - ipsec user - - timestamping - - ocsp signing - - microsoft sgc - - netscape sgc - type: string - type: array - username: - description: Username contains the name of the user that created the - CertificateRequest. Populated by the cert-manager webhook on creation - and immutable. - type: string - required: - - issuerRef - - request - type: object - status: - description: Status of the CertificateRequest. This is set and managed - automatically. - properties: - ca: - description: The PEM encoded x509 certificate of the signer, also - known as the CA (Certificate Authority). This is set on a best-effort - basis by different issuers. If not set, the CA is assumed to be - unknown/not available. - format: byte - type: string - certificate: - description: The PEM encoded x509 certificate resulting from the certificate - signing request. If not set, the CertificateRequest has either not - been completed or has failed. More information on failure can be - found by checking the `conditions` field. - format: byte - type: string - conditions: - description: List of status conditions to indicate the status of a - CertificateRequest. Known condition types are `Ready` and `InvalidRequest`. - items: - description: CertificateRequestCondition contains condition information - for a CertificateRequest. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`, - `InvalidRequest`, `Approved`, `Denied`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - failureTime: - description: FailureTime stores the time that this CertificateRequest - failed. This is used to influence garbage collection and back-off. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: certificates.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: Certificate - listKind: CertificateList - plural: certificates - shortNames: - - cert - - certs - singular: certificate - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .spec.secretName - name: Secret - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: "A Certificate resource should be created to ensure an up to - date and signed x509 certificate is stored in the Kubernetes Secret resource - named in `spec.secretName`. \n The stored certificate will be renewed before - it expires (as configured by `spec.renewBefore`)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the Certificate resource. - properties: - additionalOutputFormats: - description: AdditionalOutputFormats defines extra output formats - of the private key and signed certificate chain to be written to - this Certificate's target Secret. This is an Alpha Feature and is - only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` - option on both the controller and webhook components. - items: - description: CertificateAdditionalOutputFormat defines an additional - output format of a Certificate resource. These contain supplementary - data formats of the signed certificate chain and paired private - key. - properties: - type: - description: Type is the name of the format type that should - be written to the Certificate's target Secret. - enum: - - DER - - CombinedPEM - type: string - required: - - type - type: object - type: array - commonName: - description: 'CommonName is a common name to be used on the Certificate. - The CommonName should have a length of 64 characters or fewer to - avoid generating invalid CSRs. This value is ignored by TLS clients - when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' - type: string - dnsNames: - description: DNSNames is a list of DNS subjectAltNames to be set on - the Certificate. - items: - type: string - type: array - duration: - description: The requested 'duration' (i.e. lifetime) of the Certificate. - This option may be ignored/overridden by some issuer types. If unset - this defaults to 90 days. Certificate will be renewed either 2/3 - through its duration or `renewBefore` period before its expiry, - whichever is later. Minimum accepted duration is 1 hour. Value must - be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration - type: string - emailAddresses: - description: EmailAddresses is a list of email subjectAltNames to - be set on the Certificate. - items: - type: string - type: array - encodeUsagesInRequest: - description: EncodeUsagesInRequest controls whether key usages should - be present in the CertificateRequest - type: boolean - ipAddresses: - description: IPAddresses is a list of IP address subjectAltNames to - be set on the Certificate. - items: - type: string - type: array - isCA: - description: IsCA will mark this Certificate as valid for certificate - signing. This will automatically add the `cert sign` usage to the - list of `usages`. - type: boolean - issuerRef: - description: IssuerRef is a reference to the issuer for this certificate. - If the `kind` field is not set, or set to `Issuer`, an Issuer resource - with the given name in the same namespace as the Certificate will - be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer - with the provided name will be used. The `name` field in this stanza - is required at all times. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - keystores: - description: Keystores configures additional keystore output formats - stored in the `secretName` Secret resource. - properties: - jks: - description: JKS configures options for storing a JKS keystore - in the `spec.secretName` Secret resource. - properties: - create: - description: Create enables JKS keystore creation for the - Certificate. If true, a file named `keystore.jks` will be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef`. The keystore file - will be updated immediately. If the issuer provided a CA - certificate, a file named `truststore.jks` will also be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef` containing the issuing - Certificate Authority - type: boolean - passwordSecretRef: - description: PasswordSecretRef is a reference to a key in - a Secret resource containing the password used to encrypt - the JKS keystore. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - create - - passwordSecretRef - type: object - pkcs12: - description: PKCS12 configures options for storing a PKCS12 keystore - in the `spec.secretName` Secret resource. - properties: - create: - description: Create enables PKCS12 keystore creation for the - Certificate. If true, a file named `keystore.p12` will be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef`. The keystore file - will be updated immediately. If the issuer provided a CA - certificate, a file named `truststore.p12` will also be - created in the target Secret resource, encrypted using the - password stored in `passwordSecretRef` containing the issuing - Certificate Authority - type: boolean - passwordSecretRef: - description: PasswordSecretRef is a reference to a key in - a Secret resource containing the password used to encrypt - the PKCS12 keystore. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - create - - passwordSecretRef - type: object - type: object - literalSubject: - description: LiteralSubject is an LDAP formatted string that represents - the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). - Use this *instead* of the Subject field if you need to ensure the - correct ordering of the RDN sequence, such as when issuing certs - for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, - https://github.com/cert-manager/cert-manager/issues/4424. This field - is alpha level and is only supported by cert-manager installations - where LiteralCertificateSubject feature gate is enabled on both - cert-manager controller and webhook. - type: string - privateKey: - description: Options to control private keys used for the Certificate. - properties: - algorithm: - description: Algorithm is the private key algorithm of the corresponding - private key for this certificate. If provided, allowed values - are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified - and `size` is not provided, key size of 256 will be used for - `ECDSA` key algorithm and key size of 2048 will be used for - `RSA` key algorithm. key size is ignored when using the `Ed25519` - key algorithm. - enum: - - RSA - - ECDSA - - Ed25519 - type: string - encoding: - description: The private key cryptography standards (PKCS) encoding - for this certificate's private key to be encoded in. If provided, - allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and - PKCS#8, respectively. Defaults to `PKCS1` if not specified. - enum: - - PKCS1 - - PKCS8 - type: string - rotationPolicy: - description: RotationPolicy controls how private keys should be - regenerated when a re-issuance is being processed. If set to - Never, a private key will only be generated if one does not - already exist in the target `spec.secretName`. If one does exists - but it does not have the correct algorithm or size, a warning - will be raised to await user intervention. If set to Always, - a private key matching the specified requirements will be generated - whenever a re-issuance occurs. Default is 'Never' for backward - compatibility. - enum: - - Never - - Always - type: string - size: - description: Size is the key bit size of the corresponding private - key for this certificate. If `algorithm` is set to `RSA`, valid - values are `2048`, `4096` or `8192`, and will default to `2048` - if not specified. If `algorithm` is set to `ECDSA`, valid values - are `256`, `384` or `521`, and will default to `256` if not - specified. If `algorithm` is set to `Ed25519`, Size is ignored. - No other values are allowed. - type: integer - type: object - renewBefore: - description: How long before the currently issued certificate's expiry - cert-manager should renew the certificate. The default is 2/3 of - the issued certificate's duration. Minimum accepted value is 5 minutes. - Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration - type: string - revisionHistoryLimit: - description: revisionHistoryLimit is the maximum number of CertificateRequest - revisions that are maintained in the Certificate's history. Each - revision represents a single `CertificateRequest` created by this - Certificate, either when it was created, renewed, or Spec was changed. - Revisions will be removed by oldest first if the number of revisions - exceeds this number. If set, revisionHistoryLimit must be a value - of `1` or greater. If unset (`nil`), revisions will not be garbage - collected. Default value is `nil`. - format: int32 - type: integer - secretName: - description: SecretName is the name of the secret resource that will - be automatically created and managed by this Certificate resource. - It will be populated with a private key and certificate, signed - by the denoted issuer. - type: string - secretTemplate: - description: SecretTemplate defines annotations and labels to be copied - to the Certificate's Secret. Labels and annotations on the Secret - will be changed as they appear on the SecretTemplate when added - or removed. SecretTemplate annotations are added in conjunction - with, and cannot overwrite, the base set of annotations cert-manager - sets on the Certificate's Secret. - properties: - annotations: - additionalProperties: - type: string - description: Annotations is a key value map to be copied to the - target Kubernetes Secret. - type: object - labels: - additionalProperties: - type: string - description: Labels is a key value map to be copied to the target - Kubernetes Secret. - type: object - type: object - subject: - description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name). - properties: - countries: - description: Countries to be used on the Certificate. - items: - type: string - type: array - localities: - description: Cities to be used on the Certificate. - items: - type: string - type: array - organizationalUnits: - description: Organizational Units to be used on the Certificate. - items: - type: string - type: array - organizations: - description: Organizations to be used on the Certificate. - items: - type: string - type: array - postalCodes: - description: Postal codes to be used on the Certificate. - items: - type: string - type: array - provinces: - description: State/Provinces to be used on the Certificate. - items: - type: string - type: array - serialNumber: - description: Serial number to be used on the Certificate. - type: string - streetAddresses: - description: Street addresses to be used on the Certificate. - items: - type: string - type: array - type: object - uris: - description: URIs is a list of URI subjectAltNames to be set on the - Certificate. - items: - type: string - type: array - usages: - description: Usages is the set of x509 usages that are requested for - the certificate. Defaults to `digital signature` and `key encipherment` - if not specified. - items: - description: "KeyUsage specifies valid usage contexts for keys. - See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 - \n Valid KeyUsage values are as follows: \"signing\", \"digital - signature\", \"content commitment\", \"key encipherment\", \"key - agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", - \"encipher only\", \"decipher only\", \"any\", \"server auth\", - \"client auth\", \"code signing\", \"email protection\", \"s/mime\", - \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", - \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" - enum: - - signing - - digital signature - - content commitment - - key encipherment - - key agreement - - data encipherment - - cert sign - - crl sign - - encipher only - - decipher only - - any - - server auth - - client auth - - code signing - - email protection - - s/mime - - ipsec end system - - ipsec tunnel - - ipsec user - - timestamping - - ocsp signing - - microsoft sgc - - netscape sgc - type: string - type: array - required: - - issuerRef - - secretName - type: object - status: - description: Status of the Certificate. This is set and managed automatically. - properties: - conditions: - description: List of status conditions to indicate the status of certificates. - Known condition types are `Ready` and `Issuing`. - items: - description: CertificateCondition contains condition information - for an Certificate. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the Certificate. - format: int64 - type: integer - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`, - `Issuing`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - failedIssuanceAttempts: - description: The number of continuous failed issuance attempts up - till now. This field gets removed (if set) on a successful issuance - and gets set to 1 if unset and an issuance has failed. If an issuance - has failed, the delay till the next issuance will be calculated - using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). - type: integer - lastFailureTime: - description: LastFailureTime is set only if the lastest issuance for - this Certificate failed and contains the time of the failure. If - an issuance has failed, the delay till the next issuance will be - calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - - 1). If the latest issuance has succeeded this field will be unset. - format: date-time - type: string - nextPrivateKeySecretName: - description: The name of the Secret resource containing the private - key to be used for the next certificate iteration. The keymanager - controller will automatically set this field if the `Issuing` condition - is set to `True`. It will automatically unset this field when the - Issuing condition is not set or False. - type: string - notAfter: - description: The expiration time of the certificate stored in the - secret named by this resource in `spec.secretName`. - format: date-time - type: string - notBefore: - description: The time after which the certificate stored in the secret - named by this resource in spec.secretName is valid. - format: date-time - type: string - renewalTime: - description: RenewalTime is the time at which the certificate will - be next renewed. If not set, no upcoming renewal is scheduled. - format: date-time - type: string - revision: - description: "The current 'revision' of the certificate as issued. - \n When a CertificateRequest resource is created, it will have the - `cert-manager.io/certificate-revision` set to one greater than the - current value of this field. \n Upon issuance, this field will be - set to the value of the annotation on the CertificateRequest resource - used to issue the certificate. \n Persisting the value on the CertificateRequest - resource allows the certificates controller to know whether a request - is part of an old issuance or if it is part of the ongoing revision's - issuance by checking if the revision value in the annotation is - greater than this field." - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: challenges.acme.cert-manager.io -spec: - group: acme.cert-manager.io - names: - categories: - - cert-manager - - cert-manager-acme - kind: Challenge - listKind: ChallengeList - plural: challenges - singular: challenge - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .spec.dnsName - name: Domain - type: string - - jsonPath: .status.reason - name: Reason - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Challenge is a type to represent a Challenge request with an - ACME server - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - authorizationURL: - description: The URL to the ACME Authorization resource that this - challenge is a part of. - type: string - dnsName: - description: dnsName is the identifier that this challenge is for, - e.g. example.com. If the requested DNSName is a 'wildcard', this - field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, - it must be `example.com`. - type: string - issuerRef: - description: References a properly configured ACME-type Issuer which - should be used to create this Challenge. If the Issuer does not - exist, processing will be retried. If the Issuer is not an 'ACME' - Issuer, an error will be returned and the Challenge will be marked - as failed. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - key: - description: 'The ACME challenge key for this challenge For HTTP01 - challenges, this is the value that must be responded with to complete - the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is - the base64 encoded SHA256 sum of the `.` text that must be set as the TXT - record content.' - type: string - solver: - description: Contains the domain solving configuration that should - be used to solve this challenge resource. - properties: - dns01: - description: Configures cert-manager to attempt to complete authorizations - by performing the DNS01 challenge flow. - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) - API to manage DNS01 challenge records. - properties: - accountSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - host: - type: string - required: - - accountSecretRef - - host - type: object - akamai: - description: Use the Akamai DNS zone management API to manage - DNS01 challenge records. - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientSecretSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientTokenSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceConsumerDomain: - type: string - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - type: object - azureDNS: - description: Use the Microsoft Azure DNS API to manage DNS01 - challenge records. - properties: - clientID: - description: if both this and ClientSecret are left unset - MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left unset - MSI will be used - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - environment: - description: name of the Azure environment (default AzurePublicCloud) - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - type: string - hostedZoneName: - description: name of the DNS zone that should be used - type: string - managedIdentity: - description: managed identity configuration, can not be - used at the same time as clientID, clientSecretSecretRef - or tenantID - properties: - clientID: - description: client ID of the managed identity, can - not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, - can not be used at the same time as clientID - type: string - type: object - resourceGroupName: - description: resource group the DNS zone is located in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret - then this field is also needed - type: string - required: - - resourceGroupName - - subscriptionID - type: object - cloudDNS: - description: Use the Google Cloud DNS API to manage DNS01 - challenge records. - properties: - hostedZoneName: - description: HostedZoneName is an optional field that - tells cert-manager in which Cloud DNS zone the challenge - record has to be created. If left empty cert-manager - will automatically choose a zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - project - type: object - cloudflare: - description: Use the Cloudflare API to manage DNS01 challenge - records. - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. - Note: using an API token to authenticate is now the - recommended method as it allows greater control of permissions.' - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - apiTokenSecretRef: - description: API token used to authenticate with Cloudflare. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - email: - description: Email of the account, only required when - using API key based authentication. - type: string - type: object - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 provider - should handle CNAME records when found in DNS zones. - enum: - - None - - Follow - type: string - digitalocean: - description: Use the DigitalOcean DNS API to manage DNS01 - challenge records. - properties: - tokenSecretRef: - description: A reference to a specific 'key' within a - Secret resource. In some instances, `key` is a required - field. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - tokenSecretRef - type: object - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain Name - System") (https://datatracker.ietf.org/doc/rfc2136/) to - manage DNS01 challenge records. - properties: - nameserver: - description: The IP address or hostname of an authoritative - DNS server supporting RFC2136 in the form host:port. - If the host is an IPv6 address it must be enclosed in - square brackets (e.g [2001:db8::1]) ; port is optional. - This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS - supporting RFC2136. Used only when ``tsigSecretSecretRef`` - and ``tsigKeyName`` are defined. Supported values are - (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, - ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the DNS. - If ``tsigSecretSecretRef`` is defined, this field is - required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the TSIG - value. If ``tsigKeyName`` is defined, this field is - required. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - nameserver - type: object - route53: - description: Use the AWS Route53 API to manage DNS01 challenge - records. - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. - Cannot be set when SecretAccessKeyID is set. If neither - the Access Key nor Key ID are set, we fall-back to using - env vars, shared credentials file or AWS Instance metadata, - see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. - If set, pull the AWS access key ID from a key within - a Kubernetes Secret. Cannot be set when AccessKeyID - is set. If neither the Access Key nor Key ID are set, - we fall-back to using env vars, shared credentials file - or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - hostedZoneID: - description: If set, the provider will manage only this - zone in Route53 and will not do an lookup using the - route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID - and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 provider - will assume using either the explicit credentials AccessKeyID/SecretAccessKey - or the inferred credentials from environment variables, - shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, we fall-back - to using env vars, shared credentials file or AWS Instance - metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - region - type: object - webhook: - description: Configure an external webhook based DNS01 challenge - solver to manage DNS01 challenge records. - properties: - config: - description: Additional configuration that should be passed - to the webhook apiserver when challenges are processed. - This can contain arbitrary JSON data. Secret values - should not be specified in this stanza. If secret values - are needed (e.g. credentials for a DNS service), you - should use a SecretKeySelector to reference a Secret - resource. For details on the schema of this field, consult - the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used when - POSTing ChallengePayload resources to the webhook apiserver. - This should be the same as the GroupName specified in - the webhook provider implementation. - type: string - solverName: - description: The name of the solver to use, as defined - in the webhook provider implementation. This will typically - be the name of the provider, e.g. 'cloudflare'. - type: string - required: - - groupName - - solverName - type: object - type: object - http01: - description: Configures cert-manager to attempt to complete authorizations - by performing the HTTP01 challenge flow. It is not possible - to obtain certificates for wildcard domain names (e.g. `*.example.com`) - using the HTTP01 challenge mechanism. - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community API - that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). - The Gateway solver will create HTTPRoutes with the specified - labels in the same namespace as the challenge. This solver - is experimental, and fields / behaviour may change in the - future. - properties: - labels: - additionalProperties: - type: string - description: Custom labels that will be applied to HTTPRoutes - created by cert-manager while solving HTTP-01 challenges. - type: object - parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager - creates an HTTPRoute. cert-manager needs to know which - parentRefs should be used when creating the HTTPRoute. - Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - items: - description: "ParentReference identifies an API object - (usually a Gateway) that can be considered a parent - of this resource (usually a route). The only kind - of parent resource with \"Core\" support is Gateway. - This API may be extended in the future to support - additional kinds of parent resources, such as HTTPRoute. - \n The API object must be valid in the cluster; the - Group and Kind must be registered in the cluster for - this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. - When unspecified, \"gateway.networking.k8s.io\" - is inferred. To set the core API group (such as - for a \"Service\" kind referent), Group must be - explicitly set to \"\" (empty string). \n Support: - Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. \n Support: - Core (Gateway) \n Support: Implementation-specific - (Other Resources)" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of the - referent. When unspecified, this refers to the - local namespace of the Route. \n Note that there - are specific rules for ParentRefs which cross - namespace boundaries. Cross-namespace references - are only valid if they are explicitly allowed - by something in the namespace they are referring - to. For example: Gateway has the AllowedRoutes - field, and ReferenceGrant provides a generic way - to enable any other kind of cross-namespace reference. - \n Support: Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this Route - targets. It can be interpreted differently based - on the type of parent resource. \n When the parent - resource is a Gateway, this targets all listeners - listening on the specified port that also support - this kind of Route(and select this Route). It's - not recommended to set `Port` unless the networking - behaviors specified in a Route must apply to a - specific port as opposed to a listener(s) whose - port(s) may be changed. When both Port and SectionName - are specified, the name and port of the selected - listener must match both specified values. \n - Implementations MAY choose to support other parent - resources. Implementations supporting other types - of parent resources MUST clearly document how/if - Port is interpreted. \n For the purpose of status, - an attachment is considered successful as long - as the parent resource accepts it partially. For - example, Gateway listeners can restrict which - Routes can attach to them by Route kind, namespace, - or hostname. If 1 of 2 Gateway listeners accept - attachment from the referencing Route, the Route - MUST be considered successfully attached. If no - Gateway listeners accept attachment from this - Route, the Route MUST be considered detached from - the Gateway. \n Support: Extended \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a section - within the target resource. In the following resources, - SectionName is interpreted as the following: \n - * Gateway: Listener Name. When both Port (experimental) - and SectionName are specified, the name and port - of the selected listener must match both specified - values. \n Implementations MAY choose to support - attaching Routes to other resources. If that is - the case, they MUST clearly document how SectionName - is interpreted. \n When unspecified (empty string), - this will reference the entire resource. For the - purpose of status, an attachment is considered - successful if at least one section in the parent - resource accepts it. For example, Gateway listeners - can restrict which Routes can attach to them by - Route kind, namespace, or hostname. If 1 of 2 - Gateway listeners accept attachment from the referencing - Route, the Route MUST be considered successfully - attached. If no Gateway listeners accept attachment - from this Route, the Route MUST be considered - detached from the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - type: array - serviceType: - description: Optional service type for Kubernetes solver - service. Supported values are NodePort or ClusterIP. - If unset, defaults to NodePort. - type: string - type: object - ingress: - description: The ingress based HTTP01 challenge solver will - solve challenges by creating or modifying Ingress resources - in order to route requests for '/.well-known/acme-challenge/XYZ' - to 'challenge solver' pods that are provisioned by cert-manager - for each Challenge to be completed. - properties: - class: - description: This field configures the annotation `kubernetes.io/ingress.class` - when creating Ingress resources to solve ACME challenges - that use this challenge solver. Only one of `class`, - `name` or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` - on the created Ingress resources used to solve ACME - challenges that use this challenge solver. This is the - recommended way of configuring the ingress class. Only - one of `class`, `name` or `ingressClassName` may be - specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure - the ACME challenge solver ingress used for HTTP01 challenges. - properties: - metadata: - description: ObjectMeta overrides for the ingress - used to solve HTTP01 challenges. Only the 'labels' - and 'annotations' fields may be set. If labels or - annotations overlap with in-built values, the values - here will override the in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be added - to the created ACME HTTP01 solver ingress. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added to the - created ACME HTTP01 solver ingress. - type: object - type: object - type: object - name: - description: The name of the ingress resource that should - have ACME challenge solving routes inserted into it - in order to solve HTTP01 challenges. This is typically - used in conjunction with ingress controllers like ingress-gce, - which maintains a 1:1 mapping between external IPs and - ingress resources. Only one of `class`, `name` or `ingressClassName` - may be specified. - type: string - podTemplate: - description: Optional pod template used to configure the - ACME challenge solver pods used for HTTP01 challenges. - properties: - metadata: - description: ObjectMeta overrides for the pod used - to solve HTTP01 challenges. Only the 'labels' and - 'annotations' fields may be set. If labels or annotations - overlap with in-built values, the values here will - override the in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be added - to the create ACME HTTP01 solver pods. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added to the - created ACME HTTP01 solver pods. - type: object - type: object - spec: - description: PodSpec defines overrides for the HTTP01 - challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec - to find out currently supported fields. All other - fields will be ignored. - properties: - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified by - this field, but it may choose a node - that violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by - iterating through the elements of this - field and adding "weight" to the sum - if the node matches the corresponding - matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling - term matches all objects with implicit - weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, - associated with the corresponding - weight. - properties: - matchExpressions: - description: A list of node - selector requirements by node's - labels. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by node's - fields. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the affinity - requirements specified by this field - cease to be met at some point during - pod execution (e.g. due to an update), - the system may or may not try to eventually - evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node - selector terms. The terms are ORed. - items: - description: A null or empty node - selector term matches no objects. - The requirements of them are ANDed. - The TopologySelectorTerm type - implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node - selector requirements by node's - labels. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node - selector requirements by node's - fields. - items: - description: A node selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array - of string values. If - the operator is In or - NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the - values array must be - empty. If the operator - is Gt or Lt, the values - array must have a single - element, which will - be interpreted as an - integer. This array - is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified by - this field, but it may choose a node - that violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by - iterating through the elements of this - field and adding "weight" to the sum - if the node has pods which matches the - corresponding podAffinityTerm; the node(s) - with the highest sum are the most preferred. - items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the affinity - requirements specified by this field - cease to be met at some point during - pod execution (e.g. due to a pod label - update), the system may or may not try - to eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value of - the label with key matches - that of any node on which a pod of - the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this case - pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is applied - to the union of the namespaces - selected by this field and the - ones listed in the namespaces - field. null selector and null - or empty namespaces list means - "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union of - the namespaces listed in this - field and the ones selected by - namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching the labelSelector in - the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the - same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose a node - that violates one or more of the expressions. - The node that is most preferred is the - one with the greatest sum of weights, - i.e. for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by - iterating through the elements of this - field and adding "weight" to the sum - if the node has pods which matches the - corresponding podAffinityTerm; the node(s) - with the highest sum are the most preferred. - items: - description: The weights of all of the - matched WeightedPodAffinityTerm fields - are added per-node to find the most - preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that - the term applies to. The term - is applied to the union of - the namespaces selected by - this field and the ones listed - in the namespaces field. null - selector and null or empty - namespaces list means "this - pod's namespace". An empty - selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied to - the union of the namespaces - listed in this field and the - ones selected by namespaceSelector. - null or empty namespaces list - and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with - matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met - at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity - requirements specified by this field - cease to be met at some point during - pod execution (e.g. due to a pod label - update), the system may or may not try - to eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this - pod should be co-located (affinity) - or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value of - the label with key matches - that of any node on which a pod of - the set of pods is running - properties: - labelSelector: - description: A label query over - a set of resources, in this case - pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over - the set of namespaces that the - term applies to. The term is applied - to the union of the namespaces - selected by this field and the - ones listed in the namespaces - field. null selector and null - or empty namespaces list means - "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The - term is applied to the union of - the namespaces listed in this - field and the ones selected by - namespaceSelector. null or empty - namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be - co-located (affinity) or not co-located - (anti-affinity) with the pods - matching the labelSelector in - the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - items: - description: LocalObjectReference contains enough - information to let you locate the referenced - object inside the same namespace. - properties: - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. Selector - which must match a node''s labels for the pod - to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator - . - properties: - effect: - description: Effect indicates the taint - effect to match. Empty means match all - taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that the - toleration applies to. Empty means match - all taint keys. If the key is empty, operator - must be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints - of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration (which - must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. - By default, it is not set, which means - tolerate the taint forever (do not evict). - Zero and negative values will be treated - as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the - toleration matches to. If the operator - is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - serviceType: - description: Optional service type for Kubernetes solver - service. Supported values are NodePort or ClusterIP. - If unset, defaults to NodePort. - type: string - type: object - type: object - selector: - description: Selector selects a set of DNSNames on the Certificate - resource that should be solved using this challenge solver. - If not specified, the solver will be treated as the 'default' - solver with the lowest priority, i.e. if any other solver has - a more specific match, it will be used instead. - properties: - dnsNames: - description: List of DNSNames that this solver will be used - to solve. If specified and a match is found, a dnsNames - selector will take precedence over a dnsZones selector. - If multiple solvers match with the same dnsNames value, - the solver with the most matching labels in matchLabels - will be selected. If neither has more matches, the solver - defined earlier in the list will be selected. - items: - type: string - type: array - dnsZones: - description: List of DNSZones that this solver will be used - to solve. The most specific DNS zone match specified here - will take precedence over other DNS zone matches, so a solver - specifying sys.example.com will be selected over one specifying - example.com for the domain www.sys.example.com. If multiple - solvers match with the same dnsZones value, the solver with - the most matching labels in matchLabels will be selected. - If neither has more matches, the solver defined earlier - in the list will be selected. - items: - type: string - type: array - matchLabels: - additionalProperties: - type: string - description: A label selector that is used to refine the set - of certificate's that this challenge solver will apply to. - type: object - type: object - type: object - token: - description: The ACME challenge token for this challenge. This is - the raw value returned from the ACME server. - type: string - type: - description: The type of ACME challenge this resource represents. - One of "HTTP-01" or "DNS-01". - enum: - - HTTP-01 - - DNS-01 - type: string - url: - description: The URL of the ACME Challenge resource for this challenge. - This can be used to lookup details about the status of this challenge. - type: string - wildcard: - description: wildcard will be true if this challenge is for a wildcard - identifier, for example '*.example.com'. - type: boolean - required: - - authorizationURL - - dnsName - - issuerRef - - key - - solver - - token - - type - - url - type: object - status: - properties: - presented: - description: presented will be set to true if the challenge values - for this challenge are currently 'presented'. This *does not* imply - the self check is passing. Only that the values have been 'submitted' - for the appropriate challenge mechanism (i.e. the DNS01 TXT record - has been presented, or the HTTP01 configuration has been configured). - type: boolean - processing: - description: Used to denote whether this challenge should be processed - or not. This field will only be set to true by the 'scheduling' - component. It will only be set to false by the 'challenges' controller, - after the challenge has reached a final state or timed out. If this - field is set to false, the challenge controller will not take any - more action. - type: boolean - reason: - description: Contains human readable information on why the Challenge - is in the current state. - type: string - state: - description: Contains the current 'state' of the challenge. If not - set, the state of the challenge is unknown. - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - type: string - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: clusterissuers.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: ClusterIssuer - listKind: ClusterIssuerList - plural: clusterissuers - singular: clusterissuer - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: A ClusterIssuer represents a certificate issuing authority which - can be referenced as part of `issuerRef` fields. It is similar to an Issuer, - however it is cluster-scoped and therefore can be referenced by resources - that exist in *any* namespace, not just the same namespace as the referent. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the ClusterIssuer resource. - properties: - acme: - description: ACME configures this issuer to communicate with a RFC8555 - (ACME) server to obtain signed x509 certificates. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which can be used - to validate the certificate chain presented by the ACME server. - Mutually exclusive with SkipTLSVerify; prefer using CABundle - to prevent various kinds of security vulnerabilities. If CABundle - and SkipTLSVerify are unset, the system certificate bundle inside - the container is used to validate the TLS connection. - format: byte - type: string - disableAccountKeyGeneration: - description: Enables or disables generating a new ACME account - key. If true, the Issuer resource will *not* request a new account - but will expect the account key to be supplied via an existing - secret. If false, the cert-manager system will generate a new - ACME account key for the Issuer. Defaults to false. - type: boolean - email: - description: Email is the email address to be associated with - the ACME account. This field is optional, but it is strongly - recommended to be set. It will be used to contact you in case - of issues with your account or certificates, including expiry - notification emails. This field may be updated after the account - is initially registered. - type: string - enableDurationFeature: - description: Enables requesting a Not After date on certificates - that matches the duration of the certificate. This is not supported - by all ACME servers like Let's Encrypt. If set to true when - the ACME server does not support it it will create an error - on the Order. Defaults to false. - type: boolean - externalAccountBinding: - description: ExternalAccountBinding is a reference to a CA external - account of the ACME server. If set, upon registration cert-manager - will attempt to associate the given external account credentials - with the registered ACME account. - properties: - keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical - compatibility reasons and should not be used. The algorithm - is now hardcoded to HS256 in golang/x/crypto/acme.' - enum: - - HS256 - - HS384 - - HS512 - type: string - keyID: - description: keyID is the ID of the CA key that the External - Account is bound to. - type: string - keySecretRef: - description: keySecretRef is a Secret Key Selector referencing - a data item in a Kubernetes Secret which holds the symmetric - MAC key of the External Account Binding. The `key` is the - index string that is paired with the key data in the Secret - and should not be confused with the key data itself, or - indeed with the External Account Binding keyID above. The - secret key stored in the Secret **must** be un-padded, base64 - URL encoded data. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - keyID - - keySecretRef - type: object - preferredChain: - description: 'PreferredChain is the chain to use if the ACME server - outputs multiple. PreferredChain is no guarantee that this one - gets delivered by the ACME endpoint. For example, for Let''s - Encrypt''s DST crosssign you would use: "DST Root CA X3" or - "ISRG Root X1" for the newer Let''s Encrypt root CA. This value - picks the first certificate bundle in the ACME alternative chains - that has a certificate with this value as its issuer''s CN' - maxLength: 64 - type: string - privateKeySecretRef: - description: PrivateKey is the name of a Kubernetes Secret resource - that will be used to store the automatically generated ACME - account private key. Optionally, a `key` may be specified to - select a specific entry within the named Secret resource. If - `key` is not specified, a default of `tls.key` will be used. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - server: - description: 'Server is the URL used to access the ACME server''s - ''directory'' endpoint. For example, for Let''s Encrypt''s staging - endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". - Only ACME v2 endpoints (i.e. RFC 8555) are supported.' - type: string - skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the - ACME server TLS certificate. If true, requests to the ACME server - will not have the TLS certificate chain validated. Mutually - exclusive with CABundle; prefer using CABundle to prevent various - kinds of security vulnerabilities. Only enable this option in - development environments. If CABundle and SkipTLSVerify are - unset, the system certificate bundle inside the container is - used to validate the TLS connection. Defaults to false.' - type: boolean - solvers: - description: 'Solvers is a list of challenge solvers that will - be used to solve ACME challenges for the matching domains. Solver - configurations must be provided in order to obtain certificates - from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' - items: - description: An ACMEChallengeSolver describes how to solve ACME - challenges for the issuer it is part of. A selector may be - provided to use different solving strategies for different - DNS names. Only one of HTTP01 or DNS01 must be provided. - properties: - dns01: - description: Configures cert-manager to attempt to complete - authorizations by performing the DNS01 challenge flow. - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) - API to manage DNS01 challenge records. - properties: - accountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - host: - type: string - required: - - accountSecretRef - - host - type: object - akamai: - description: Use the Akamai DNS zone management API - to manage DNS01 challenge records. - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientSecretSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceConsumerDomain: - type: string - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - type: object - azureDNS: - description: Use the Microsoft Azure DNS API to manage - DNS01 challenge records. - properties: - clientID: - description: if both this and ClientSecret are left - unset MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left - unset MSI will be used - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - environment: - description: name of the Azure environment (default - AzurePublicCloud) - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - type: string - hostedZoneName: - description: name of the DNS zone that should be - used - type: string - managedIdentity: - description: managed identity configuration, can - not be used at the same time as clientID, clientSecretSecretRef - or tenantID - properties: - clientID: - description: client ID of the managed identity, - can not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, - can not be used at the same time as clientID - type: string - type: object - resourceGroupName: - description: resource group the DNS zone is located - in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret - then this field is also needed - type: string - required: - - resourceGroupName - - subscriptionID - type: object - cloudDNS: - description: Use the Google Cloud DNS API to manage - DNS01 challenge records. - properties: - hostedZoneName: - description: HostedZoneName is an optional field - that tells cert-manager in which Cloud DNS zone - the challenge record has to be created. If left - empty cert-manager will automatically choose a - zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - project - type: object - cloudflare: - description: Use the Cloudflare API to manage DNS01 - challenge records. - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with - Cloudflare. Note: using an API token to authenticate - is now the recommended method as it allows greater - control of permissions.' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - apiTokenSecretRef: - description: API token used to authenticate with - Cloudflare. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - email: - description: Email of the account, only required - when using API key based authentication. - type: string - type: object - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 - provider should handle CNAME records when found in - DNS zones. - enum: - - None - - Follow - type: string - digitalocean: - description: Use the DigitalOcean DNS API to manage - DNS01 challenge records. - properties: - tokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - tokenSecretRef - type: object - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain - Name System") (https://datatracker.ietf.org/doc/rfc2136/) - to manage DNS01 challenge records. - properties: - nameserver: - description: The IP address or hostname of an authoritative - DNS server supporting RFC2136 in the form host:port. - If the host is an IPv6 address it must be enclosed - in square brackets (e.g [2001:db8::1]) ; port - is optional. This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the - DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` - and ``tsigKeyName`` are defined. Supported values - are (case-insensitive): ``HMACMD5`` (default), - ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the - DNS. If ``tsigSecretSecretRef`` is defined, this - field is required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the - TSIG value. If ``tsigKeyName`` is defined, this - field is required. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - nameserver - type: object - route53: - description: Use the AWS Route53 API to manage DNS01 - challenge records. - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. - Cannot be set when SecretAccessKeyID is set. If - neither the Access Key nor Key ID are set, we - fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. - If set, pull the AWS access key ID from a key - within a Kubernetes Secret. Cannot be set when - AccessKeyID is set. If neither the Access Key - nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance - metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - hostedZoneID: - description: If set, the provider will manage only - this zone in Route53 and will not do an lookup - using the route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID - and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 - provider will assume using either the explicit - credentials AccessKeyID/SecretAccessKey or the - inferred credentials from environment variables, - shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, - we fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - region - type: object - webhook: - description: Configure an external webhook based DNS01 - challenge solver to manage DNS01 challenge records. - properties: - config: - description: Additional configuration that should - be passed to the webhook apiserver when challenges - are processed. This can contain arbitrary JSON - data. Secret values should not be specified in - this stanza. If secret values are needed (e.g. - credentials for a DNS service), you should use - a SecretKeySelector to reference a Secret resource. - For details on the schema of this field, consult - the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used - when POSTing ChallengePayload resources to the - webhook apiserver. This should be the same as - the GroupName specified in the webhook provider - implementation. - type: string - solverName: - description: The name of the solver to use, as defined - in the webhook provider implementation. This will - typically be the name of the provider, e.g. 'cloudflare'. - type: string - required: - - groupName - - solverName - type: object - type: object - http01: - description: Configures cert-manager to attempt to complete - authorizations by performing the HTTP01 challenge flow. - It is not possible to obtain certificates for wildcard - domain names (e.g. `*.example.com`) using the HTTP01 challenge - mechanism. - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community - API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). - The Gateway solver will create HTTPRoutes with the - specified labels in the same namespace as the challenge. - This solver is experimental, and fields / behaviour - may change in the future. - properties: - labels: - additionalProperties: - type: string - description: Custom labels that will be applied - to HTTPRoutes created by cert-manager while solving - HTTP-01 challenges. - type: object - parentRefs: - description: 'When solving an HTTP-01 challenge, - cert-manager creates an HTTPRoute. cert-manager - needs to know which parentRefs should be used - when creating the HTTPRoute. Usually, the parentRef - references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - items: - description: "ParentReference identifies an API - object (usually a Gateway) that can be considered - a parent of this resource (usually a route). - The only kind of parent resource with \"Core\" - support is Gateway. This API may be extended - in the future to support additional kinds of - parent resources, such as HTTPRoute. \n The - API object must be valid in the cluster; the - Group and Kind must be registered in the cluster - for this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. - When unspecified, \"gateway.networking.k8s.io\" - is inferred. To set the core API group (such - as for a \"Service\" kind referent), Group - must be explicitly set to \"\" (empty string). - \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. - \n Support: Core (Gateway) \n Support: Implementation-specific - (Other Resources)" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of - the referent. When unspecified, this refers - to the local namespace of the Route. \n - Note that there are specific rules for ParentRefs - which cross namespace boundaries. Cross-namespace - references are only valid if they are explicitly - allowed by something in the namespace they - are referring to. For example: Gateway has - the AllowedRoutes field, and ReferenceGrant - provides a generic way to enable any other - kind of cross-namespace reference. \n Support: - Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this - Route targets. It can be interpreted differently - based on the type of parent resource. \n - When the parent resource is a Gateway, this - targets all listeners listening on the specified - port that also support this kind of Route(and - select this Route). It's not recommended - to set `Port` unless the networking behaviors - specified in a Route must apply to a specific - port as opposed to a listener(s) whose port(s) - may be changed. When both Port and SectionName - are specified, the name and port of the - selected listener must match both specified - values. \n Implementations MAY choose to - support other parent resources. Implementations - supporting other types of parent resources - MUST clearly document how/if Port is interpreted. - \n For the purpose of status, an attachment - is considered successful as long as the - parent resource accepts it partially. For - example, Gateway listeners can restrict - which Routes can attach to them by Route - kind, namespace, or hostname. If 1 of 2 - Gateway listeners accept attachment from - the referencing Route, the Route MUST be - considered successfully attached. If no - Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Extended - \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a - section within the target resource. In the - following resources, SectionName is interpreted - as the following: \n * Gateway: Listener - Name. When both Port (experimental) and - SectionName are specified, the name and - port of the selected listener must match - both specified values. \n Implementations - MAY choose to support attaching Routes to - other resources. If that is the case, they - MUST clearly document how SectionName is - interpreted. \n When unspecified (empty - string), this will reference the entire - resource. For the purpose of status, an - attachment is considered successful if at - least one section in the parent resource - accepts it. For example, Gateway listeners - can restrict which Routes can attach to - them by Route kind, namespace, or hostname. - If 1 of 2 Gateway listeners accept attachment - from the referencing Route, the Route MUST - be considered successfully attached. If - no Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - type: array - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - ingress: - description: The ingress based HTTP01 challenge solver - will solve challenges by creating or modifying Ingress - resources in order to route requests for '/.well-known/acme-challenge/XYZ' - to 'challenge solver' pods that are provisioned by - cert-manager for each Challenge to be completed. - properties: - class: - description: This field configures the annotation - `kubernetes.io/ingress.class` when creating Ingress - resources to solve ACME challenges that use this - challenge solver. Only one of `class`, `name` - or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` - on the created Ingress resources used to solve - ACME challenges that use this challenge solver. - This is the recommended way of configuring the - ingress class. Only one of `class`, `name` or - `ingressClassName` may be specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure - the ACME challenge solver ingress used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the ingress - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the created ACME HTTP01 solver - ingress. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver ingress. - type: object - type: object - type: object - name: - description: The name of the ingress resource that - should have ACME challenge solving routes inserted - into it in order to solve HTTP01 challenges. This - is typically used in conjunction with ingress - controllers like ingress-gce, which maintains - a 1:1 mapping between external IPs and ingress - resources. Only one of `class`, `name` or `ingressClassName` - may be specified. - type: string - podTemplate: - description: Optional pod template used to configure - the ACME challenge solver pods used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the pod - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the create ACME HTTP01 solver - pods. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver pods. - type: object - type: object - spec: - description: PodSpec defines overrides for the - HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec - to find out currently supported fields. All - other fields will be ignored. - properties: - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service - account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . - properties: - effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - type: object - type: array - type: object - type: object - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - type: object - selector: - description: Selector selects a set of DNSNames on the Certificate - resource that should be solved using this challenge solver. - If not specified, the solver will be treated as the 'default' - solver with the lowest priority, i.e. if any other solver - has a more specific match, it will be used instead. - properties: - dnsNames: - description: List of DNSNames that this solver will - be used to solve. If specified and a match is found, - a dnsNames selector will take precedence over a dnsZones - selector. If multiple solvers match with the same - dnsNames value, the solver with the most matching - labels in matchLabels will be selected. If neither - has more matches, the solver defined earlier in the - list will be selected. - items: - type: string - type: array - dnsZones: - description: List of DNSZones that this solver will - be used to solve. The most specific DNS zone match - specified here will take precedence over other DNS - zone matches, so a solver specifying sys.example.com - will be selected over one specifying example.com for - the domain www.sys.example.com. If multiple solvers - match with the same dnsZones value, the solver with - the most matching labels in matchLabels will be selected. - If neither has more matches, the solver defined earlier - in the list will be selected. - items: - type: string - type: array - matchLabels: - additionalProperties: - type: string - description: A label selector that is used to refine - the set of certificate's that this challenge solver - will apply to. - type: object - type: object - type: object - type: array - required: - - privateKeySecretRef - - server - type: object - ca: - description: CA configures this issuer to sign certificates using - a signing CA keypair stored in a Secret resource. This is used to - build internal PKIs that are managed by cert-manager. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set, - certificates will be issued without distribution points set. - items: - type: string - type: array - ocspServers: - description: The OCSP server list is an X.509 v3 extension that - defines a list of URLs of OCSP responders. The OCSP responders - can be queried for the revocation status of an issued certificate. - If not set, the certificate will be issued with no OCSP servers - set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to sign - Certificates issued by this Issuer. - type: string - required: - - secretName - type: object - selfSigned: - description: SelfSigned configures this issuer to 'self sign' certificates - using the private key used to create the CertificateRequest object. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set - certificate will be issued without CDP. Values are strings. - items: - type: string - type: array - type: object - vault: - description: Vault configures this issuer to sign certificates using - a HashiCorp Vault PKI backend. - properties: - auth: - description: Auth configures how cert-manager authenticates with - the Vault server. - properties: - appRole: - description: AppRole authenticates with Vault using the App - Role auth mechanism, with the role and secret stored in - a Kubernetes Secret resource. - properties: - path: - description: 'Path where the App Role authentication backend - is mounted in Vault, e.g: "approle"' - type: string - roleId: - description: RoleID configured in the App Role authentication - backend when setting up the authentication backend in - Vault. - type: string - secretRef: - description: Reference to a key in a Secret that contains - the App Role secret used to authenticate with Vault. - The `key` field must be specified and denotes which - entry within the Secret resource is used as the app - role secret. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - path - - roleId - - secretRef - type: object - kubernetes: - description: Kubernetes authenticates with Vault by passing - the ServiceAccount token stored in the named Secret resource - to the Vault server. - properties: - mountPath: - description: The Vault mountPath here is the mount path - to use when authenticating with Vault. For example, - setting a value to `/v1/auth/foo`, will use the path - `/v1/auth/foo/login` to authenticate with Vault. If - unspecified, the default value "/v1/auth/kubernetes" - will be used. - type: string - role: - description: A required field containing the Vault Role - to assume. A Role binds a Kubernetes ServiceAccount - with a set of Vault policies. - type: string - secretRef: - description: The required Secret field containing a Kubernetes - ServiceAccount JWT used for authenticating with Vault. - Use of 'ambient credentials' is not supported. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceAccountRef: - description: A reference to a service account that will - be used to request a bound token (also known as "projected - token"). Compared to using "secretRef", using this field - means that you don't rely on statically bound tokens. - To use this field, you must configure an RBAC rule to - let cert-manager request a token. - properties: - name: - description: Name of the ServiceAccount used to request - a token. - type: string - required: - - name - type: object - required: - - role - type: object - tokenSecretRef: - description: TokenSecretRef authenticates with Vault by presenting - a token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - type: object - caBundle: - description: Base64-encoded bundle of PEM CAs which will be used - to validate the certificate chain presented by Vault. Only used - if using HTTPS to connect to Vault and ignored for HTTP connections. - Mutually exclusive with CABundleSecretRef. If neither CABundle - nor CABundleSecretRef are defined, the certificate bundle in - the cert-manager controller container is used to validate the - TLS connection. - format: byte - type: string - caBundleSecretRef: - description: Reference to a Secret containing a bundle of PEM-encoded - CAs to use when verifying the certificate chain presented by - Vault when using HTTPS. Mutually exclusive with CABundle. If - neither CABundle nor CABundleSecretRef are defined, the certificate - bundle in the cert-manager controller container is used to validate - the TLS connection. If no key for the Secret is specified, cert-manager - will default to 'ca.crt'. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - namespace: - description: 'Name of the vault namespace. Namespaces is a set - of features within Vault Enterprise that allows Vault environments - to support Secure Multi-tenancy. e.g: "ns1" More about namespaces - can be found here https://www.vaultproject.io/docs/enterprise/namespaces' - type: string - path: - description: 'Path is the mount path of the Vault PKI backend''s - `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".' - type: string - server: - description: 'Server is the connection address for the Vault server, - e.g: "https://vault.example.com:8200".' - type: string - required: - - auth - - path - - server - type: object - venafi: - description: Venafi configures this issuer to sign certificates using - a Venafi TPP or Venafi Cloud policy zone. - properties: - cloud: - description: Cloud specifies the Venafi cloud configuration settings. - Only one of TPP or Cloud may be specified. - properties: - apiTokenSecretRef: - description: APITokenSecretRef is a secret key selector for - the Venafi Cloud API token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: URL is the base URL for Venafi Cloud. Defaults - to "https://api.venafi.cloud/v1". - type: string - required: - - apiTokenSecretRef - type: object - tpp: - description: TPP specifies Trust Protection Platform configuration - settings. Only one of TPP or Cloud may be specified. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which will be - used to validate the certificate chain presented by the - TPP server. Only used if using HTTPS; ignored for HTTP. - If undefined, the certificate bundle in the cert-manager - controller container is used to validate the chain. - format: byte - type: string - credentialsRef: - description: CredentialsRef is a reference to a Secret containing - the username and password for the TPP server. The secret - must contain two keys, 'username' and 'password'. - properties: - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: 'URL is the base URL for the vedsdk endpoint - of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' - type: string - required: - - credentialsRef - - url - type: object - zone: - description: Zone is the Venafi Policy Zone to use for this issuer. - All requests made to the Venafi platform will be restricted - by the named zone policy. This field is required. - type: string - required: - - zone - type: object - type: object - status: - description: Status of the ClusterIssuer. This is set and managed automatically. - properties: - acme: - description: ACME specific status options. This field should only - be set if the Issuer is configured to use an ACME server to issue - certificates. - properties: - lastPrivateKeyHash: - description: LastPrivateKeyHash is a hash of the private key associated - with the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - lastRegisteredEmail: - description: LastRegisteredEmail is the email associated with - the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - uri: - description: URI is the unique account identifier, which can also - be used to retrieve account details from the CA - type: string - type: object - conditions: - description: List of status conditions to indicate the status of a - CertificateRequest. Known condition types are `Ready`. - items: - description: IssuerCondition contains condition information for - an Issuer. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the Issuer. - format: int64 - type: integer - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: issuers.cert-manager.io -spec: - group: cert-manager.io - names: - categories: - - cert-manager - kind: Issuer - listKind: IssuerList - plural: issuers - singular: issuer - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: An Issuer represents a certificate issuing authority which can - be referenced as part of `issuerRef` fields. It is scoped to a single namespace - and can therefore only be referenced by resources within the same namespace. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Desired state of the Issuer resource. - properties: - acme: - description: ACME configures this issuer to communicate with a RFC8555 - (ACME) server to obtain signed x509 certificates. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which can be used - to validate the certificate chain presented by the ACME server. - Mutually exclusive with SkipTLSVerify; prefer using CABundle - to prevent various kinds of security vulnerabilities. If CABundle - and SkipTLSVerify are unset, the system certificate bundle inside - the container is used to validate the TLS connection. - format: byte - type: string - disableAccountKeyGeneration: - description: Enables or disables generating a new ACME account - key. If true, the Issuer resource will *not* request a new account - but will expect the account key to be supplied via an existing - secret. If false, the cert-manager system will generate a new - ACME account key for the Issuer. Defaults to false. - type: boolean - email: - description: Email is the email address to be associated with - the ACME account. This field is optional, but it is strongly - recommended to be set. It will be used to contact you in case - of issues with your account or certificates, including expiry - notification emails. This field may be updated after the account - is initially registered. - type: string - enableDurationFeature: - description: Enables requesting a Not After date on certificates - that matches the duration of the certificate. This is not supported - by all ACME servers like Let's Encrypt. If set to true when - the ACME server does not support it it will create an error - on the Order. Defaults to false. - type: boolean - externalAccountBinding: - description: ExternalAccountBinding is a reference to a CA external - account of the ACME server. If set, upon registration cert-manager - will attempt to associate the given external account credentials - with the registered ACME account. - properties: - keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical - compatibility reasons and should not be used. The algorithm - is now hardcoded to HS256 in golang/x/crypto/acme.' - enum: - - HS256 - - HS384 - - HS512 - type: string - keyID: - description: keyID is the ID of the CA key that the External - Account is bound to. - type: string - keySecretRef: - description: keySecretRef is a Secret Key Selector referencing - a data item in a Kubernetes Secret which holds the symmetric - MAC key of the External Account Binding. The `key` is the - index string that is paired with the key data in the Secret - and should not be confused with the key data itself, or - indeed with the External Account Binding keyID above. The - secret key stored in the Secret **must** be un-padded, base64 - URL encoded data. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - keyID - - keySecretRef - type: object - preferredChain: - description: 'PreferredChain is the chain to use if the ACME server - outputs multiple. PreferredChain is no guarantee that this one - gets delivered by the ACME endpoint. For example, for Let''s - Encrypt''s DST crosssign you would use: "DST Root CA X3" or - "ISRG Root X1" for the newer Let''s Encrypt root CA. This value - picks the first certificate bundle in the ACME alternative chains - that has a certificate with this value as its issuer''s CN' - maxLength: 64 - type: string - privateKeySecretRef: - description: PrivateKey is the name of a Kubernetes Secret resource - that will be used to store the automatically generated ACME - account private key. Optionally, a `key` may be specified to - select a specific entry within the named Secret resource. If - `key` is not specified, a default of `tls.key` will be used. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - server: - description: 'Server is the URL used to access the ACME server''s - ''directory'' endpoint. For example, for Let''s Encrypt''s staging - endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". - Only ACME v2 endpoints (i.e. RFC 8555) are supported.' - type: string - skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the - ACME server TLS certificate. If true, requests to the ACME server - will not have the TLS certificate chain validated. Mutually - exclusive with CABundle; prefer using CABundle to prevent various - kinds of security vulnerabilities. Only enable this option in - development environments. If CABundle and SkipTLSVerify are - unset, the system certificate bundle inside the container is - used to validate the TLS connection. Defaults to false.' - type: boolean - solvers: - description: 'Solvers is a list of challenge solvers that will - be used to solve ACME challenges for the matching domains. Solver - configurations must be provided in order to obtain certificates - from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' - items: - description: An ACMEChallengeSolver describes how to solve ACME - challenges for the issuer it is part of. A selector may be - provided to use different solving strategies for different - DNS names. Only one of HTTP01 or DNS01 must be provided. - properties: - dns01: - description: Configures cert-manager to attempt to complete - authorizations by performing the DNS01 challenge flow. - properties: - acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) - API to manage DNS01 challenge records. - properties: - accountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - host: - type: string - required: - - accountSecretRef - - host - type: object - akamai: - description: Use the Akamai DNS zone management API - to manage DNS01 challenge records. - properties: - accessTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientSecretSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - clientTokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceConsumerDomain: - type: string - required: - - accessTokenSecretRef - - clientSecretSecretRef - - clientTokenSecretRef - - serviceConsumerDomain - type: object - azureDNS: - description: Use the Microsoft Azure DNS API to manage - DNS01 challenge records. - properties: - clientID: - description: if both this and ClientSecret are left - unset MSI will be used - type: string - clientSecretSecretRef: - description: if both this and ClientID are left - unset MSI will be used - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - environment: - description: name of the Azure environment (default - AzurePublicCloud) - enum: - - AzurePublicCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureUSGovernmentCloud - type: string - hostedZoneName: - description: name of the DNS zone that should be - used - type: string - managedIdentity: - description: managed identity configuration, can - not be used at the same time as clientID, clientSecretSecretRef - or tenantID - properties: - clientID: - description: client ID of the managed identity, - can not be used at the same time as resourceID - type: string - resourceID: - description: resource ID of the managed identity, - can not be used at the same time as clientID - type: string - type: object - resourceGroupName: - description: resource group the DNS zone is located - in - type: string - subscriptionID: - description: ID of the Azure subscription - type: string - tenantID: - description: when specifying ClientID and ClientSecret - then this field is also needed - type: string - required: - - resourceGroupName - - subscriptionID - type: object - cloudDNS: - description: Use the Google Cloud DNS API to manage - DNS01 challenge records. - properties: - hostedZoneName: - description: HostedZoneName is an optional field - that tells cert-manager in which Cloud DNS zone - the challenge record has to be created. If left - empty cert-manager will automatically choose a - zone. - type: string - project: - type: string - serviceAccountSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - project - type: object - cloudflare: - description: Use the Cloudflare API to manage DNS01 - challenge records. - properties: - apiKeySecretRef: - description: 'API key to use to authenticate with - Cloudflare. Note: using an API token to authenticate - is now the recommended method as it allows greater - control of permissions.' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - apiTokenSecretRef: - description: API token used to authenticate with - Cloudflare. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - email: - description: Email of the account, only required - when using API key based authentication. - type: string - type: object - cnameStrategy: - description: CNAMEStrategy configures how the DNS01 - provider should handle CNAME records when found in - DNS zones. - enum: - - None - - Follow - type: string - digitalocean: - description: Use the DigitalOcean DNS API to manage - DNS01 challenge records. - properties: - tokenSecretRef: - description: A reference to a specific 'key' within - a Secret resource. In some instances, `key` is - a required field. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - tokenSecretRef - type: object - rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain - Name System") (https://datatracker.ietf.org/doc/rfc2136/) - to manage DNS01 challenge records. - properties: - nameserver: - description: The IP address or hostname of an authoritative - DNS server supporting RFC2136 in the form host:port. - If the host is an IPv6 address it must be enclosed - in square brackets (e.g [2001:db8::1]) ; port - is optional. This field is required. - type: string - tsigAlgorithm: - description: 'The TSIG Algorithm configured in the - DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` - and ``tsigKeyName`` are defined. Supported values - are (case-insensitive): ``HMACMD5`` (default), - ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' - type: string - tsigKeyName: - description: The TSIG Key name configured in the - DNS. If ``tsigSecretSecretRef`` is defined, this - field is required. - type: string - tsigSecretSecretRef: - description: The name of the secret containing the - TSIG value. If ``tsigKeyName`` is defined, this - field is required. - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - nameserver - type: object - route53: - description: Use the AWS Route53 API to manage DNS01 - challenge records. - properties: - accessKeyID: - description: 'The AccessKeyID is used for authentication. - Cannot be set when SecretAccessKeyID is set. If - neither the Access Key nor Key ID are set, we - fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - type: string - accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. - If set, pull the AWS access key ID from a key - within a Kubernetes Secret. Cannot be set when - AccessKeyID is set. If neither the Access Key - nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance - metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - hostedZoneID: - description: If set, the provider will manage only - this zone in Route53 and will not do an lookup - using the route53:ListHostedZonesByName api call. - type: string - region: - description: Always set the region when using AccessKeyID - and SecretAccessKey - type: string - role: - description: Role is a Role ARN which the Route53 - provider will assume using either the explicit - credentials AccessKeyID/SecretAccessKey or the - inferred credentials from environment variables, - shared credentials file or AWS Instance metadata - type: string - secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, - we fall-back to using env vars, shared credentials - file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' - properties: - key: - description: The key of the entry in the Secret - resource's `data` field to be used. Some instances - of this field may be defaulted, in others - it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - region - type: object - webhook: - description: Configure an external webhook based DNS01 - challenge solver to manage DNS01 challenge records. - properties: - config: - description: Additional configuration that should - be passed to the webhook apiserver when challenges - are processed. This can contain arbitrary JSON - data. Secret values should not be specified in - this stanza. If secret values are needed (e.g. - credentials for a DNS service), you should use - a SecretKeySelector to reference a Secret resource. - For details on the schema of this field, consult - the webhook provider implementation's documentation. - x-kubernetes-preserve-unknown-fields: true - groupName: - description: The API group name that should be used - when POSTing ChallengePayload resources to the - webhook apiserver. This should be the same as - the GroupName specified in the webhook provider - implementation. - type: string - solverName: - description: The name of the solver to use, as defined - in the webhook provider implementation. This will - typically be the name of the provider, e.g. 'cloudflare'. - type: string - required: - - groupName - - solverName - type: object - type: object - http01: - description: Configures cert-manager to attempt to complete - authorizations by performing the HTTP01 challenge flow. - It is not possible to obtain certificates for wildcard - domain names (e.g. `*.example.com`) using the HTTP01 challenge - mechanism. - properties: - gatewayHTTPRoute: - description: The Gateway API is a sig-network community - API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). - The Gateway solver will create HTTPRoutes with the - specified labels in the same namespace as the challenge. - This solver is experimental, and fields / behaviour - may change in the future. - properties: - labels: - additionalProperties: - type: string - description: Custom labels that will be applied - to HTTPRoutes created by cert-manager while solving - HTTP-01 challenges. - type: object - parentRefs: - description: 'When solving an HTTP-01 challenge, - cert-manager creates an HTTPRoute. cert-manager - needs to know which parentRefs should be used - when creating the HTTPRoute. Usually, the parentRef - references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' - items: - description: "ParentReference identifies an API - object (usually a Gateway) that can be considered - a parent of this resource (usually a route). - The only kind of parent resource with \"Core\" - support is Gateway. This API may be extended - in the future to support additional kinds of - parent resources, such as HTTPRoute. \n The - API object must be valid in the cluster; the - Group and Kind must be registered in the cluster - for this reference to be valid." - properties: - group: - default: gateway.networking.k8s.io - description: "Group is the group of the referent. - When unspecified, \"gateway.networking.k8s.io\" - is inferred. To set the core API group (such - as for a \"Service\" kind referent), Group - must be explicitly set to \"\" (empty string). - \n Support: Core" - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - kind: - default: Gateway - description: "Kind is kind of the referent. - \n Support: Core (Gateway) \n Support: Implementation-specific - (Other Resources)" - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ - type: string - name: - description: "Name is the name of the referent. - \n Support: Core" - maxLength: 253 - minLength: 1 - type: string - namespace: - description: "Namespace is the namespace of - the referent. When unspecified, this refers - to the local namespace of the Route. \n - Note that there are specific rules for ParentRefs - which cross namespace boundaries. Cross-namespace - references are only valid if they are explicitly - allowed by something in the namespace they - are referring to. For example: Gateway has - the AllowedRoutes field, and ReferenceGrant - provides a generic way to enable any other - kind of cross-namespace reference. \n Support: - Core" - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: "Port is the network port this - Route targets. It can be interpreted differently - based on the type of parent resource. \n - When the parent resource is a Gateway, this - targets all listeners listening on the specified - port that also support this kind of Route(and - select this Route). It's not recommended - to set `Port` unless the networking behaviors - specified in a Route must apply to a specific - port as opposed to a listener(s) whose port(s) - may be changed. When both Port and SectionName - are specified, the name and port of the - selected listener must match both specified - values. \n Implementations MAY choose to - support other parent resources. Implementations - supporting other types of parent resources - MUST clearly document how/if Port is interpreted. - \n For the purpose of status, an attachment - is considered successful as long as the - parent resource accepts it partially. For - example, Gateway listeners can restrict - which Routes can attach to them by Route - kind, namespace, or hostname. If 1 of 2 - Gateway listeners accept attachment from - the referencing Route, the Route MUST be - considered successfully attached. If no - Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Extended - \n " - format: int32 - maximum: 65535 - minimum: 1 - type: integer - sectionName: - description: "SectionName is the name of a - section within the target resource. In the - following resources, SectionName is interpreted - as the following: \n * Gateway: Listener - Name. When both Port (experimental) and - SectionName are specified, the name and - port of the selected listener must match - both specified values. \n Implementations - MAY choose to support attaching Routes to - other resources. If that is the case, they - MUST clearly document how SectionName is - interpreted. \n When unspecified (empty - string), this will reference the entire - resource. For the purpose of status, an - attachment is considered successful if at - least one section in the parent resource - accepts it. For example, Gateway listeners - can restrict which Routes can attach to - them by Route kind, namespace, or hostname. - If 1 of 2 Gateway listeners accept attachment - from the referencing Route, the Route MUST - be considered successfully attached. If - no Gateway listeners accept attachment from - this Route, the Route MUST be considered - detached from the Gateway. \n Support: Core" - maxLength: 253 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - required: - - name - type: object - type: array - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - ingress: - description: The ingress based HTTP01 challenge solver - will solve challenges by creating or modifying Ingress - resources in order to route requests for '/.well-known/acme-challenge/XYZ' - to 'challenge solver' pods that are provisioned by - cert-manager for each Challenge to be completed. - properties: - class: - description: This field configures the annotation - `kubernetes.io/ingress.class` when creating Ingress - resources to solve ACME challenges that use this - challenge solver. Only one of `class`, `name` - or `ingressClassName` may be specified. - type: string - ingressClassName: - description: This field configures the field `ingressClassName` - on the created Ingress resources used to solve - ACME challenges that use this challenge solver. - This is the recommended way of configuring the - ingress class. Only one of `class`, `name` or - `ingressClassName` may be specified. - type: string - ingressTemplate: - description: Optional ingress template used to configure - the ACME challenge solver ingress used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the ingress - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the created ACME HTTP01 solver - ingress. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver ingress. - type: object - type: object - type: object - name: - description: The name of the ingress resource that - should have ACME challenge solving routes inserted - into it in order to solve HTTP01 challenges. This - is typically used in conjunction with ingress - controllers like ingress-gce, which maintains - a 1:1 mapping between external IPs and ingress - resources. Only one of `class`, `name` or `ingressClassName` - may be specified. - type: string - podTemplate: - description: Optional pod template used to configure - the ACME challenge solver pods used for HTTP01 - challenges. - properties: - metadata: - description: ObjectMeta overrides for the pod - used to solve HTTP01 challenges. Only the - 'labels' and 'annotations' fields may be set. - If labels or annotations overlap with in-built - values, the values here will override the - in-built values. - properties: - annotations: - additionalProperties: - type: string - description: Annotations that should be - added to the create ACME HTTP01 solver - pods. - type: object - labels: - additionalProperties: - type: string - description: Labels that should be added - to the created ACME HTTP01 solver pods. - type: object - type: object - spec: - description: PodSpec defines overrides for the - HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec - to find out currently supported fields. All - other fields will be ignored. - properties: - affinity: - description: If specified, the pod's scheduling - constraints - properties: - nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of - node selector requirements - by node's fields. - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies - to. The term is applied - to the union of the - namespaces selected - by this field and the - ones listed in the namespaces - field. null selector - and null or empty namespaces - list means "this pod's - namespace". An empty - selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces - specifies a static list - of namespace names that - the term applies to. - The term is applied - to the union of the - namespaces listed in - this field and the ones - selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query - over the set of namespaces - that the term applies to. - The term is applied to the - union of the namespaces - selected by this field and - the ones listed in the namespaces - field. null selector and - null or empty namespaces - list means "this pod's namespace". - An empty selector ({}) matches - all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace - names that the term applies - to. The term is applied - to the union of the namespaces - listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces - list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - imagePullSecrets: - description: If specified, the pod's imagePullSecrets - items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priorityClassName: - description: If specified, the pod's priorityClassName. - type: string - serviceAccountName: - description: If specified, the pod's service - account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . - properties: - effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - type: object - type: array - type: object - type: object - serviceType: - description: Optional service type for Kubernetes - solver service. Supported values are NodePort - or ClusterIP. If unset, defaults to NodePort. - type: string - type: object - type: object - selector: - description: Selector selects a set of DNSNames on the Certificate - resource that should be solved using this challenge solver. - If not specified, the solver will be treated as the 'default' - solver with the lowest priority, i.e. if any other solver - has a more specific match, it will be used instead. - properties: - dnsNames: - description: List of DNSNames that this solver will - be used to solve. If specified and a match is found, - a dnsNames selector will take precedence over a dnsZones - selector. If multiple solvers match with the same - dnsNames value, the solver with the most matching - labels in matchLabels will be selected. If neither - has more matches, the solver defined earlier in the - list will be selected. - items: - type: string - type: array - dnsZones: - description: List of DNSZones that this solver will - be used to solve. The most specific DNS zone match - specified here will take precedence over other DNS - zone matches, so a solver specifying sys.example.com - will be selected over one specifying example.com for - the domain www.sys.example.com. If multiple solvers - match with the same dnsZones value, the solver with - the most matching labels in matchLabels will be selected. - If neither has more matches, the solver defined earlier - in the list will be selected. - items: - type: string - type: array - matchLabels: - additionalProperties: - type: string - description: A label selector that is used to refine - the set of certificate's that this challenge solver - will apply to. - type: object - type: object - type: object - type: array - required: - - privateKeySecretRef - - server - type: object - ca: - description: CA configures this issuer to sign certificates using - a signing CA keypair stored in a Secret resource. This is used to - build internal PKIs that are managed by cert-manager. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set, - certificates will be issued without distribution points set. - items: - type: string - type: array - ocspServers: - description: The OCSP server list is an X.509 v3 extension that - defines a list of URLs of OCSP responders. The OCSP responders - can be queried for the revocation status of an issued certificate. - If not set, the certificate will be issued with no OCSP servers - set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret used to sign - Certificates issued by this Issuer. - type: string - required: - - secretName - type: object - selfSigned: - description: SelfSigned configures this issuer to 'self sign' certificates - using the private key used to create the CertificateRequest object. - properties: - crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate - extension which identifies the location of the CRL from which - the revocation of this certificate can be checked. If not set - certificate will be issued without CDP. Values are strings. - items: - type: string - type: array - type: object - vault: - description: Vault configures this issuer to sign certificates using - a HashiCorp Vault PKI backend. - properties: - auth: - description: Auth configures how cert-manager authenticates with - the Vault server. - properties: - appRole: - description: AppRole authenticates with Vault using the App - Role auth mechanism, with the role and secret stored in - a Kubernetes Secret resource. - properties: - path: - description: 'Path where the App Role authentication backend - is mounted in Vault, e.g: "approle"' - type: string - roleId: - description: RoleID configured in the App Role authentication - backend when setting up the authentication backend in - Vault. - type: string - secretRef: - description: Reference to a key in a Secret that contains - the App Role secret used to authenticate with Vault. - The `key` field must be specified and denotes which - entry within the Secret resource is used as the app - role secret. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - required: - - path - - roleId - - secretRef - type: object - kubernetes: - description: Kubernetes authenticates with Vault by passing - the ServiceAccount token stored in the named Secret resource - to the Vault server. - properties: - mountPath: - description: The Vault mountPath here is the mount path - to use when authenticating with Vault. For example, - setting a value to `/v1/auth/foo`, will use the path - `/v1/auth/foo/login` to authenticate with Vault. If - unspecified, the default value "/v1/auth/kubernetes" - will be used. - type: string - role: - description: A required field containing the Vault Role - to assume. A Role binds a Kubernetes ServiceAccount - with a set of Vault policies. - type: string - secretRef: - description: The required Secret field containing a Kubernetes - ServiceAccount JWT used for authenticating with Vault. - Use of 'ambient credentials' is not supported. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this - field may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred - to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - serviceAccountRef: - description: A reference to a service account that will - be used to request a bound token (also known as "projected - token"). Compared to using "secretRef", using this field - means that you don't rely on statically bound tokens. - To use this field, you must configure an RBAC rule to - let cert-manager request a token. - properties: - name: - description: Name of the ServiceAccount used to request - a token. - type: string - required: - - name - type: object - required: - - role - type: object - tokenSecretRef: - description: TokenSecretRef authenticates with Vault by presenting - a token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - type: object - caBundle: - description: Base64-encoded bundle of PEM CAs which will be used - to validate the certificate chain presented by Vault. Only used - if using HTTPS to connect to Vault and ignored for HTTP connections. - Mutually exclusive with CABundleSecretRef. If neither CABundle - nor CABundleSecretRef are defined, the certificate bundle in - the cert-manager controller container is used to validate the - TLS connection. - format: byte - type: string - caBundleSecretRef: - description: Reference to a Secret containing a bundle of PEM-encoded - CAs to use when verifying the certificate chain presented by - Vault when using HTTPS. Mutually exclusive with CABundle. If - neither CABundle nor CABundleSecretRef are defined, the certificate - bundle in the cert-manager controller container is used to validate - the TLS connection. If no key for the Secret is specified, cert-manager - will default to 'ca.crt'. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field may - be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - namespace: - description: 'Name of the vault namespace. Namespaces is a set - of features within Vault Enterprise that allows Vault environments - to support Secure Multi-tenancy. e.g: "ns1" More about namespaces - can be found here https://www.vaultproject.io/docs/enterprise/namespaces' - type: string - path: - description: 'Path is the mount path of the Vault PKI backend''s - `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".' - type: string - server: - description: 'Server is the connection address for the Vault server, - e.g: "https://vault.example.com:8200".' - type: string - required: - - auth - - path - - server - type: object - venafi: - description: Venafi configures this issuer to sign certificates using - a Venafi TPP or Venafi Cloud policy zone. - properties: - cloud: - description: Cloud specifies the Venafi cloud configuration settings. - Only one of TPP or Cloud may be specified. - properties: - apiTokenSecretRef: - description: APITokenSecretRef is a secret key selector for - the Venafi Cloud API token. - properties: - key: - description: The key of the entry in the Secret resource's - `data` field to be used. Some instances of this field - may be defaulted, in others it may be required. - type: string - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: URL is the base URL for Venafi Cloud. Defaults - to "https://api.venafi.cloud/v1". - type: string - required: - - apiTokenSecretRef - type: object - tpp: - description: TPP specifies Trust Protection Platform configuration - settings. Only one of TPP or Cloud may be specified. - properties: - caBundle: - description: Base64-encoded bundle of PEM CAs which will be - used to validate the certificate chain presented by the - TPP server. Only used if using HTTPS; ignored for HTTP. - If undefined, the certificate bundle in the cert-manager - controller container is used to validate the chain. - format: byte - type: string - credentialsRef: - description: CredentialsRef is a reference to a Secret containing - the username and password for the TPP server. The secret - must contain two keys, 'username' and 'password'. - properties: - name: - description: 'Name of the resource being referred to. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - name - type: object - url: - description: 'URL is the base URL for the vedsdk endpoint - of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' - type: string - required: - - credentialsRef - - url - type: object - zone: - description: Zone is the Venafi Policy Zone to use for this issuer. - All requests made to the Venafi platform will be restricted - by the named zone policy. This field is required. - type: string - required: - - zone - type: object - type: object - status: - description: Status of the Issuer. This is set and managed automatically. - properties: - acme: - description: ACME specific status options. This field should only - be set if the Issuer is configured to use an ACME server to issue - certificates. - properties: - lastPrivateKeyHash: - description: LastPrivateKeyHash is a hash of the private key associated - with the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - lastRegisteredEmail: - description: LastRegisteredEmail is the email associated with - the latest registered ACME account, in order to track changes - made to registered account associated with the Issuer - type: string - uri: - description: URI is the unique account identifier, which can also - be used to retrieve account details from the CA - type: string - type: object - conditions: - description: List of status conditions to indicate the status of a - CertificateRequest. Known condition types are `Ready`. - items: - description: IssuerCondition contains condition information for - an Issuer. - properties: - lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - type: string - message: - description: Message is a human readable description of the - details of the last transition, complementing reason. - type: string - observedGeneration: - description: If set, this represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.condition[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the Issuer. - format: int64 - type: integer - reason: - description: Reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: Status of the condition, one of (`True`, `False`, - `Unknown`). - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type of the condition, known values are (`Ready`). - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: orders.acme.cert-manager.io -spec: - group: acme.cert-manager.io - names: - categories: - - cert-manager - - cert-manager-acme - kind: Order - listKind: OrderList - plural: orders - singular: order - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.state - name: State - type: string - - jsonPath: .spec.issuerRef.name - name: Issuer - priority: 1 - type: string - - jsonPath: .status.reason - name: Reason - priority: 1 - type: string - - description: CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before - order across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Order is a type to represent an Order with an ACME server - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - commonName: - description: CommonName is the common name as specified on the DER - encoded CSR. If specified, this value must also be present in `dnsNames` - or `ipAddresses`. This field must match the corresponding field - on the DER encoded CSR. - type: string - dnsNames: - description: DNSNames is a list of DNS names that should be included - as part of the Order validation process. This field must match the - corresponding field on the DER encoded CSR. - items: - type: string - type: array - duration: - description: Duration is the duration for the not after date for the - requested certificate. this is set on order creation as pe the ACME - spec. - type: string - ipAddresses: - description: IPAddresses is a list of IP addresses that should be - included as part of the Order validation process. This field must - match the corresponding field on the DER encoded CSR. - items: - type: string - type: array - issuerRef: - description: IssuerRef references a properly configured ACME-type - Issuer which should be used to create this Order. If the Issuer - does not exist, processing will be retried. If the Issuer is not - an 'ACME' Issuer, an error will be returned and the Order will be - marked as failed. - properties: - group: - description: Group of the resource being referred to. - type: string - kind: - description: Kind of the resource being referred to. - type: string - name: - description: Name of the resource being referred to. - type: string - required: - - name - type: object - request: - description: Certificate signing request bytes in DER encoding. This - will be used when finalizing the order. This field must be set on - the order. - format: byte - type: string - required: - - issuerRef - - request - type: object - status: - properties: - authorizations: - description: Authorizations contains data returned from the ACME server - on what authorizations must be completed in order to validate the - DNS names specified on the Order. - items: - description: ACMEAuthorization contains data returned from the ACME - server on an authorization that must be completed in order validate - a DNS name on an ACME Order resource. - properties: - challenges: - description: Challenges specifies the challenge types offered - by the ACME server. One of these challenge types will be selected - when validating the DNS name and an appropriate Challenge - resource will be created to perform the ACME challenge process. - items: - description: Challenge specifies a challenge offered by the - ACME server for an Order. An appropriate Challenge resource - can be created to perform the ACME challenge process. - properties: - token: - description: Token is the token that must be presented - for this challenge. This is used to compute the 'key' - that must also be presented. - type: string - type: - description: Type is the type of challenge being offered, - e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is - the raw value retrieved from the ACME server. Only 'http-01' - and 'dns-01' are supported by cert-manager, other values - will be ignored. - type: string - url: - description: URL is the URL of this challenge. It can - be used to retrieve additional metadata about the Challenge - from the ACME server. - type: string - required: - - token - - type - - url - type: object - type: array - identifier: - description: Identifier is the DNS name to be validated as part - of this authorization - type: string - initialState: - description: InitialState is the initial state of the ACME authorization - when first fetched from the ACME server. If an Authorization - is already 'valid', the Order controller will not create a - Challenge resource for the authorization. This will occur - when working with an ACME server that enables 'authz reuse' - (such as Let's Encrypt's production endpoint). If not set - and 'identifier' is set, the state is assumed to be pending - and a Challenge will be created. - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - type: string - url: - description: URL is the URL of the Authorization that must be - completed - type: string - wildcard: - description: Wildcard will be true if this authorization is - for a wildcard DNS name. If this is true, the identifier will - be the *non-wildcard* version of the DNS name. For example, - if '*.example.com' is the DNS name being validated, this field - will be 'true' and the 'identifier' field will be 'example.com'. - type: boolean - required: - - url - type: object - type: array - certificate: - description: Certificate is a copy of the PEM encoded certificate - for this Order. This field will be populated after the order has - been successfully finalized with the ACME server, and the order - has transitioned to the 'valid' state. - format: byte - type: string - failureTime: - description: FailureTime stores the time that this order failed. This - is used to influence garbage collection and back-off. - format: date-time - type: string - finalizeURL: - description: FinalizeURL of the Order. This is used to obtain certificates - for this order once it has been completed. - type: string - reason: - description: Reason optionally provides more information about a why - the order is in the current state. - type: string - state: - description: State contains the current state of this Order resource. - States 'success' and 'expired' are 'final' - enum: - - valid - - ready - - pending - - processing - - invalid - - expired - - errored - type: string - url: - description: URL of the Order. This will initially be empty when the - resource is first created. The Order controller will populate this - field when the Order is first processed. This field will be immutable - after it is initially set. - type: string - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector - namespace: kube-system - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager - namespace: kube-system - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: v1 -data: null -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - get - - create - - update - - patch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-issuers -rules: -- apiGroups: - - cert-manager.io - resources: - - issuers - - issuers/status - verbs: - - update - - patch -- apiGroups: - - cert-manager.io - resources: - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-clusterissuers -rules: -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - - clusterissuers/status - verbs: - - update - - patch -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificates -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificates/status - - certificaterequests - - certificaterequests/status - verbs: - - update - - patch -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - clusterissuers - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - cert-manager.io - resources: - - certificates/finalizers - - certificaterequests/finalizers - verbs: - - update -- apiGroups: - - acme.cert-manager.io - resources: - - orders - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-orders -rules: -- apiGroups: - - acme.cert-manager.io - resources: - - orders - - orders/status - verbs: - - update - - patch -- apiGroups: - - acme.cert-manager.io - resources: - - orders - - challenges - verbs: - - get - - list - - watch -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - create - - delete -- apiGroups: - - acme.cert-manager.io - resources: - - orders/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-challenges -rules: -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - challenges/status - verbs: - - update - - patch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - get - - list - - watch -- apiGroups: - - cert-manager.io - resources: - - issuers - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - pods - - services - verbs: - - get - - list - - watch - - create - - delete -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - create - - delete - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - get - - list - - watch - - create - - delete - - update -- apiGroups: - - route.openshift.io - resources: - - routes/custom-host - verbs: - - create -- apiGroups: - - acme.cert-manager.io - resources: - - challenges/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-ingress-shim -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - verbs: - - create - - update - - delete -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - issuers - - clusterissuers - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/finalizers - verbs: - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - - httproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/finalizers - - httproutes/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: cert-manager-view -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: cert-manager-edit -rules: -- apiGroups: - - cert-manager.io - resources: - - certificates - - certificaterequests - - issuers - verbs: - - create - - delete - - deletecollection - - patch - - update -- apiGroups: - - cert-manager.io - resources: - - certificates/status - verbs: - - update -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - create - - delete - - deletecollection - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-approve:cert-manager-io -rules: -- apiGroups: - - cert-manager.io - resourceNames: - - issuers.cert-manager.io/* - - clusterissuers.cert-manager.io/* - resources: - - signers - verbs: - - approve - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificatesigningrequests -rules: -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - watch - - update -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/status - verbs: - - update - - patch -- apiGroups: - - certificates.k8s.io - resourceNames: - - issuers.cert-manager.io/* - - clusterissuers.cert-manager.io/* - resources: - - signers - verbs: - - sign -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:subjectaccessreviews -rules: -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-cainjector -subjects: -- kind: ServiceAccount - name: cert-manager-cainjector - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-issuers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-issuers -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-clusterissuers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-clusterissuers -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificates -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-certificates -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-orders -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-orders -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-challenges -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-challenges -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-ingress-shim -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-ingress-shim -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-approve:cert-manager-io -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-approve:cert-manager-io -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-controller-certificatesigningrequests -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-controller-certificatesigningrequests -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:subjectaccessreviews -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cert-manager-webhook:subjectaccessreviews -subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector:leaderelection - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - leases - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager:leaderelection - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-controller - resources: - - leases - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:dynamic-serving - namespace: kube-system -rules: -- apiGroups: - - "" - resourceNames: - - cert-manager-webhook-ca - resources: - - secrets - verbs: - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector:leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager-cainjector:leaderelection -subjects: -- kind: ServiceAccount - name: cert-manager-cainjector - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager:leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager:leaderelection -subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook:dynamic-serving - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager-webhook:dynamic-serving -subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager - namespace: kube-system -spec: - ports: - - name: tcp-prometheus-servicemonitor - port: 9402 - protocol: TCP - targetPort: 9402 - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cert-manager - type: ClusterIP - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system -spec: - ports: - - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: webhook - type: ClusterIP - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - name: cert-manager-cainjector - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cainjector - template: - metadata: - creationTimestamp: null - labels: - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.12.10 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --v=2 - - --leader-election-namespace=kube-system - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.12.10 - imagePullPolicy: IfNotPresent - name: cert-manager-cainjector - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - nodeSelector: null - priorityClassName: system-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: cert-manager-cainjector - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - name: cert-manager - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cert-manager - template: - metadata: - annotations: - prometheus.io/path: /metrics - prometheus.io/port: "9402" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.12.10 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.12.10 - - --max-concurrent-challenges=60 - - --enable-certificate-owner-ref=true - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.12.10 - imagePullPolicy: IfNotPresent - name: cert-manager-controller - ports: - - containerPort: 9402 - name: http-metrics - protocol: TCP - - containerPort: 9403 - name: http-healthz - protocol: TCP - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - nodeSelector: null - priorityClassName: system-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: cert-manager - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: webhook - template: - metadata: - creationTimestamp: null - labels: - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=cert-manager-webhook - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.12.10 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /livez - port: 6080 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: cert-manager-webhook - ports: - - containerPort: 10250 - name: https - protocol: TCP - - containerPort: 6080 - name: healthcheck - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 6080 - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - nodeSelector: null - priorityClassName: system-cluster-critical - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: cert-manager-webhook - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: cert-manager-webhook - namespace: kube-system - path: /mutate - failurePolicy: Fail - matchPolicy: Equivalent - name: webhook.cert-manager.io - rules: - - apiGroups: - - cert-manager.io - - acme.cert-manager.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - '*/*' - sideEffects: None - timeoutSeconds: 10 - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from-secret: kube-system/cert-manager-webhook-ca - creationTimestamp: null - labels: - addon.kops.k8s.io/name: certmanager.io - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.12.10 - name: cert-manager-webhook -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: cert-manager-webhook - namespace: kube-system - path: /validate - failurePolicy: Fail - matchPolicy: Equivalent - name: webhook.cert-manager.io - namespaceSelector: - matchExpressions: - - key: cert-manager.io/disable-validation - operator: NotIn - values: - - "true" - rules: - - apiGroups: - - cert-manager.io - - acme.cert-manager.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - '*/*' - sideEffects: None - timeoutSeconds: 10 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content deleted file mode 100644 index 61f8f442f9..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ /dev/null @@ -1,399 +0,0 @@ -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - k8s-app: cluster-autoscaler - ---- - -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler -rules: -- apiGroups: - - "" - resources: - - events - - endpoints - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -- apiGroups: - - "" - resources: - - pods/status - verbs: - - update -- apiGroups: - - "" - resourceNames: - - cluster-autoscaler - resources: - - endpoints - verbs: - - get - - update -- apiGroups: - - "" - resources: - - nodes - verbs: - - watch - - list - - get - - update -- apiGroups: - - "" - resources: - - namespaces - - pods - - services - - replicationcontrollers - - persistentvolumeclaims - - persistentvolumes - verbs: - - watch - - list - - get -- apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - watch - - list - - get -- apiGroups: - - batch - - extensions - resources: - - jobs - verbs: - - get - - list - - patch - - watch -- apiGroups: - - extensions - resources: - - replicasets - - daemonsets - verbs: - - watch - - list - - get -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - watch - - list -- apiGroups: - - apps - resources: - - daemonsets - - replicasets - - statefulsets - verbs: - - watch - - list - - get -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - - csinodes - - csidrivers - - csistoragecapacities - verbs: - - watch - - list - - get -- apiGroups: - - "" - resources: - - configmaps - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - cluster-autoscaler - resources: - - leases - verbs: - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-autoscaler -subjects: -- kind: ServiceAccount - name: cluster-autoscaler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - "" - resourceNames: - - cluster-autoscaler-status - resources: - - configmaps - verbs: - - delete - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cluster-autoscaler -subjects: -- kind: ServiceAccount - name: cluster-autoscaler - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -spec: - ports: - - name: http - port: 8085 - protocol: TCP - targetPort: 8085 - selector: - app.kubernetes.io/name: cluster-autoscaler - type: ClusterIP - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: cluster-autoscaler.addons.k8s.io - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - name: cluster-autoscaler - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app: cluster-autoscaler - template: - metadata: - annotations: - prometheus.io/port: "8085" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - app: cluster-autoscaler - app.kubernetes.io/name: cluster-autoscaler - k8s-addon: cluster-autoscaler.addons.k8s.io - k8s-app: cluster-autoscaler - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: node-role.kubernetes.io/spot-worker - operator: DoesNotExist - weight: 1 - containers: - - command: - - ./cluster-autoscaler - - --balance-similar-node-groups=false - - --emit-per-nodegroup-metrics=false - - --cloud-provider=aws - - --aws-use-static-instance-list=false - - --expander=random - - --nodes=2:2:nodes.minimal.example.com - - --ignore-daemonsets-utilization=false - - --scale-down-utilization-threshold=0.5 - - --skip-nodes-with-local-storage=true - - --skip-nodes-with-system-pods=true - - --scale-down-delay-after-add=10m0s - - --scale-down-unneeded-time=10m0s - - --scale-down-unready-time=20m0s - - --new-pod-scale-up-delay=0s - - --max-node-provision-time=15m0s - - --cordon-node-before-terminating=true - - --logtostderr=true - - --stderrthreshold=info - - --v=4 - env: - - name: AWS_REGION - value: us-test-1 - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/cluster-autoscaler.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /health-check - port: http - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: cluster-autoscaler - ports: - - containerPort: 8085 - name: http - protocol: TCP - resources: - requests: - cpu: 100m - memory: 300Mi - volumeMounts: - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - dnsPolicy: ClusterFirst - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 10001 - serviceAccountName: cluster-autoscaler - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: cluster-autoscaler - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: cluster-autoscaler - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content deleted file mode 100644 index 94e92cc18b..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content +++ /dev/null @@ -1,155 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - k8s-app: dns-controller - version: v1.31.0-beta.1 - name: dns-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: dns-controller - strategy: - type: Recreate - template: - metadata: - creationTimestamp: null - labels: - k8s-addon: dns-controller.addons.k8s.io - k8s-app: dns-controller - kops.k8s.io/managed-by: kops - version: v1.31.0-beta.1 - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - containers: - - args: - - --watch-ingress=false - - --dns=aws-route53 - - --zone=*/Z1AFAKE1ZON3YO - - --internal-ipv4 - - --zone=*/* - - -v=2 - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/dns-controller.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/kops/dns-controller:1.31.0-beta.1 - name: dns-controller - resources: - requests: - cpu: 50m - memory: 50Mi - securityContext: - runAsNonRoot: true - volumeMounts: - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - dnsPolicy: Default - hostNetwork: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 10001 - serviceAccount: dns-controller - tolerations: - - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists - - key: node.kubernetes.io/not-ready - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - volumes: - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: dns-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: kops:dns-controller -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - ingress - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: dns-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: dns-controller.addons.k8s.io - name: kops:dns-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kops:dns-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:dns-controller diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content deleted file mode 100644 index 4aa1194f1e..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ /dev/null @@ -1,227 +0,0 @@ -apiVersion: v1 -data: - config.yaml: | - {"clusterName":"minimal.example.com","cloud":"aws","configBase":"memfs://clusters.example.com/minimal.example.com","secretStore":"memfs://clusters.example.com/minimal.example.com/secrets","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.minimal.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}} -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - k8s-app: kops-controller - version: v1.31.0-beta.1 - name: kops-controller - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: kops-controller - template: - metadata: - annotations: - dns.alpha.kubernetes.io/internal: kops-controller.internal.minimal.example.com - creationTimestamp: null - labels: - k8s-addon: kops-controller.addons.k8s.io - k8s-app: kops-controller - kops.k8s.io/managed-by: kops - version: v1.31.0-beta.1 - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - - key: kops.k8s.io/kops-controller-pki - operator: Exists - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: Exists - - key: kops.k8s.io/kops-controller-pki - operator: Exists - containers: - - args: - - --v=2 - - --conf=/etc/kubernetes/kops-controller/config/config.yaml - command: null - env: - - name: KUBERNETES_SERVICE_HOST - value: 127.0.0.1 - - name: KOPS_RUN_TOO_NEW_VERSION - value: "1" - image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 - name: kops-controller - resources: - requests: - cpu: 50m - memory: 50Mi - securityContext: - runAsNonRoot: true - runAsUser: 10011 - volumeMounts: - - mountPath: /etc/kubernetes/kops-controller/config/ - name: kops-controller-config - - mountPath: /etc/kubernetes/kops-controller/pki/ - name: kops-controller-pki - dnsPolicy: Default - hostNetwork: true - nodeSelector: null - priorityClassName: system-cluster-critical - serviceAccount: kops-controller - tolerations: - - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Exists - - key: node.kubernetes.io/not-ready - operator: Exists - - key: node-role.kubernetes.io/master - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - volumes: - - configMap: - name: kops-controller - name: kops-controller-config - - hostPath: - path: /etc/kubernetes/kops-controller/ - type: Directory - name: kops-controller-pki - updateStrategy: - type: OnDelete - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kops-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:kops-controller - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create -- apiGroups: - - "" - - coordination.k8s.io - resourceNames: - - kops-controller-leader - resources: - - configmaps - - leases - verbs: - - get - - list - - watch - - patch - - update - - delete -- apiGroups: - - "" - - coordination.k8s.io - resources: - - configmaps - - leases - verbs: - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kops-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kops-controller.addons.k8s.io - name: kops-controller - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kops-controller -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:serviceaccount:kube-system:kops-controller diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content deleted file mode 100644 index 658d9975d5..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content +++ /dev/null @@ -1,276 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: system:aggregated-metrics-reader -rules: -- apiGroups: - - metrics.k8s.io - resources: - - pods - - nodes - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: system:metrics-server -rules: -- apiGroups: - - "" - resources: - - nodes/metrics - verbs: - - get -- apiGroups: - - "" - resources: - - pods - - nodes - verbs: - - get - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server-auth-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server:system:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: system:metrics-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:metrics-server -subjects: -- kind: ServiceAccount - name: metrics-server - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system -spec: - ports: - - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - k8s-app: metrics-server - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - k8s-app: metrics-server - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metrics-server - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --secure-port=4443 - - --kubelet-use-node-status-port - - --metric-resolution=15s - - --kubelet-preferred-address-types=Hostname - - --cert-dir=/tmp - - --kubelet-insecure-tls - image: registry.k8s.io/metrics-server/metrics-server:v0.7.1 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /livez - port: https - scheme: HTTPS - periodSeconds: 10 - name: metrics-server - ports: - - containerPort: 4443 - name: https - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: https - scheme: HTTPS - initialDelaySeconds: 20 - periodSeconds: 10 - resources: - requests: - cpu: 100m - memory: 200Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: tmp-dir - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: metrics-server - topologySpreadConstraints: - - labelSelector: - matchLabels: - k8s-app: metrics-server - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - k8s-app: metrics-server - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - emptyDir: {} - name: tmp-dir - ---- - -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: v1beta1.metrics.k8s.io -spec: - group: metrics.k8s.io - groupPriorityMinimum: 100 - insecureSkipTLSVerify: true - service: - name: metrics-server - namespace: kube-system - version: v1beta1 - versionPriority: 100 - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metrics-server.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-app: metrics-server - name: metrics-server - namespace: kube-system -spec: - minAvailable: 1 - selector: - matchLabels: - k8s-app: metrics-server diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content deleted file mode 100644 index d0a993d01a..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content +++ /dev/null @@ -1,682 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/managed-by: kops - role.kubernetes.io/networking: "1" - name: eniconfigs.crd.k8s.amazonaws.com -spec: - group: crd.k8s.amazonaws.com - names: - kind: ENIConfig - plural: eniconfigs - singular: eniconfig - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ENIConfig is the Schema for the eniconfigs API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ENIConfigSpec defines the desired state of ENIConfig - properties: - securityGroups: - items: - type: string - type: array - subnet: - type: string - required: - - subnet - type: object - status: - description: ENIConfigStatus defines the observed state of ENIConfig - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: amazon-network-policy-controller-k8s - role.kubernetes.io/networking: "1" - name: policyendpoints.networking.k8s.aws -spec: - group: networking.k8s.aws - names: - kind: PolicyEndpoint - listKind: PolicyEndpointList - plural: policyendpoints - singular: policyendpoint - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: PolicyEndpoint is the Schema for the policyendpoints API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PolicyEndpointSpec defines the desired state of PolicyEndpoint - properties: - egress: - description: Egress is the list of egress rules containing resolved - network addresses - items: - description: EndpointInfo defines the network endpoint information - for the policy ingress/egress - properties: - cidr: - description: CIDR is the network address(s) of the endpoint - type: string - except: - description: Except is the exceptions to the CIDR ranges mentioned - above. - items: - type: string - type: array - ports: - description: Ports is the list of ports - items: - description: Port contains information about the transport - port/protocol - properties: - endPort: - description: Endport specifies the port range port to - endPort port must be defined and an integer, endPort - > port - format: int32 - type: integer - port: - description: Port specifies the numerical port for the - protocol. If empty applies to all ports - format: int32 - type: integer - protocol: - default: TCP - description: Protocol specifies the transport protocol, - default TCP - type: string - type: object - type: array - required: - - cidr - type: object - type: array - ingress: - description: Ingress is the list of ingress rules containing resolved - network addresses - items: - description: EndpointInfo defines the network endpoint information - for the policy ingress/egress - properties: - cidr: - description: CIDR is the network address(s) of the endpoint - type: string - except: - description: Except is the exceptions to the CIDR ranges mentioned - above. - items: - type: string - type: array - ports: - description: Ports is the list of ports - items: - description: Port contains information about the transport - port/protocol - properties: - endPort: - description: Endport specifies the port range port to - endPort port must be defined and an integer, endPort - > port - format: int32 - type: integer - port: - description: Port specifies the numerical port for the - protocol. If empty applies to all ports - format: int32 - type: integer - protocol: - default: TCP - description: Protocol specifies the transport protocol, - default TCP - type: string - type: object - type: array - required: - - cidr - type: object - type: array - podIsolation: - description: PodIsolation specifies whether the pod needs to be isolated - for a particular traffic direction Ingress or Egress, or both. If - default isolation is not specified, and there are no ingress/egress - rules, then the pod is not isolated from the point of view of this - policy. This follows the NetworkPolicy spec.PolicyTypes. - items: - description: PolicyType string describes the NetworkPolicy type - This type is beta-level in 1.8 - type: string - type: array - podSelector: - description: PodSelector is the podSelector from the policy resource - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - podSelectorEndpoints: - description: PodSelectorEndpoints contains information about the pods - matching the podSelector - items: - description: PodEndpoint defines the summary information for the - pods - properties: - hostIP: - description: HostIP is the IP address of the host the pod is - currently running on - type: string - name: - description: Name is the pod name - type: string - namespace: - description: Namespace is the pod namespace - type: string - podIP: - description: PodIP is the IP address of the pod - type: string - required: - - hostIP - - name - - namespace - - podIP - type: object - type: array - policyRef: - description: PolicyRef is a reference to the Kubernetes NetworkPolicy - resource. - properties: - name: - description: Name is the name of the Policy - type: string - namespace: - description: Namespace is the namespace of the Policy - type: string - required: - - name - - namespace - type: object - required: - - policyRef - type: object - status: - description: PolicyEndpointStatus defines the observed state of PolicyEndpoint - type: object - type: object - served: true - storage: true - subresources: - status: {} - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node - namespace: kube-system - ---- - -apiVersion: v1 -data: - branch-eni-cooldown: "60" - enable-network-policy-controller: "false" - enable-windows-ipam: "false" - enable-windows-prefix-delegation: "false" - minimum-ip-target: "3" - warm-ip-target: "1" - warm-prefix-target: "0" -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: amazon-vpc-cni - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.0 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node -rules: -- apiGroups: - - crd.k8s.amazonaws.com - resources: - - eniconfigs - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - namespaces - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch - - get -- apiGroups: - - "" - - events.k8s.io - resources: - - events - verbs: - - create - - patch - - list -- apiGroups: - - networking.k8s.aws - resources: - - policyendpoints - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.aws - resources: - - policyendpoints/status - verbs: - - get -- apiGroups: - - vpcresources.k8s.aws - resources: - - cninodes - verbs: - - get - - list - - watch - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aws-node -subjects: -- kind: ServiceAccount - name: aws-node - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: networking.amazon-vpc-routed-eni - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node - app.kubernetes.io/version: v1.19.2 - k8s-app: aws-node - role.kubernetes.io/networking: "1" - name: aws-node - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: aws-node - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/instance: aws-vpc-cni - app.kubernetes.io/name: aws-node - k8s-app: aws-node - kops.k8s.io/managed-by: kops - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate - - hybrid - - auto - containers: - - env: - - name: ADDITIONAL_ENI_TAGS - value: '{"KubernetesCluster":"minimal.example.com","kubernetes.io/cluster/minimal.example.com":"owned"}' - - name: AWS_VPC_CNI_NODE_PORT_SUPPORT - value: "true" - - name: AWS_VPC_ENI_MTU - value: "9001" - - name: AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER - value: "false" - - name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG - value: "false" - - name: AWS_VPC_K8S_CNI_EXTERNALSNAT - value: "false" - - name: AWS_VPC_K8S_CNI_LOGLEVEL - value: DEBUG - - name: AWS_VPC_K8S_CNI_LOG_FILE - value: /host/var/log/aws-routed-eni/ipamd.log - - name: AWS_VPC_K8S_CNI_RANDOMIZESNAT - value: prng - - name: AWS_VPC_K8S_CNI_VETHPREFIX - value: eni - - name: AWS_VPC_K8S_PLUGIN_LOG_FILE - value: /var/log/aws-routed-eni/plugin.log - - name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL - value: DEBUG - - name: DISABLE_INTROSPECTION - value: "false" - - name: DISABLE_METRICS - value: "false" - - name: DISABLE_NETWORK_RESOURCE_PROVISIONING - value: "false" - - name: ENABLE_IPv4 - value: "true" - - name: ENABLE_IPv6 - value: "false" - - name: ENABLE_POD_ENI - value: "false" - - name: ENABLE_PREFIX_DELEGATION - value: "false" - - name: ENABLE_SUBNET_DISCOVERY - value: "true" - - name: NETWORK_POLICY_ENFORCING_MODE - value: standard - - name: WARM_ENI_TARGET - value: "1" - - name: WARM_PREFIX_TARGET - value: "1" - - name: VPC_CNI_VERSION - value: v1.19.2 - - name: MY_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: MY_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: CLUSTER_NAME - value: minimal.example.com - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.19.2 - livenessProbe: - exec: - command: - - /app/grpc-health-probe - - -addr=:50051 - - -connect-timeout=5s - - -rpc-timeout=5s - initialDelaySeconds: 60 - timeoutSeconds: 10 - name: aws-node - ports: - - containerPort: 61678 - name: metrics - readinessProbe: - exec: - command: - - /app/grpc-health-probe - - -addr=:50051 - - -connect-timeout=5s - - -rpc-timeout=5s - initialDelaySeconds: 1 - timeoutSeconds: 10 - resources: - requests: - cpu: 25m - securityContext: - capabilities: - add: - - NET_ADMIN - - NET_RAW - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - - mountPath: /host/var/log/aws-routed-eni - name: log-dir - - mountPath: /var/run/aws-node - name: run-dir - - mountPath: /run/xtables.lock - name: xtables-lock - - args: - - --enable-ipv6=false - - --enable-network-policy=false - - --enable-cloudwatch-logs=false - - --enable-policy-event-logs=false - - --log-file=/var/log/aws-routed-eni/network-policy-agent.log - - --metrics-bind-addr=:8162 - - --health-probe-bind-addr=:8163 - - --conntrack-cache-cleanup-period=300 - env: - - name: MY_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.6 - name: aws-eks-nodeagent - resources: - requests: - cpu: 25m - securityContext: - capabilities: - add: - - NET_ADMIN - privileged: true - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /sys/fs/bpf - name: bpf-pin-path - - mountPath: /var/log/aws-routed-eni - name: log-dir - - mountPath: /var/run/aws-node - name: run-dir - hostNetwork: true - initContainers: - - env: - - name: DISABLE_TCP_EARLY_DEMUX - value: "false" - - name: ENABLE_IPv6 - value: "false" - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.19.2 - name: aws-vpc-cni-init - resources: - requests: - cpu: 25m - securityContext: - privileged: true - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - priorityClassName: system-node-critical - serviceAccountName: aws-node - terminationGracePeriodSeconds: 10 - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /sys/fs/bpf - name: bpf-pin-path - - hostPath: - path: /opt/cni/bin - name: cni-bin-dir - - hostPath: - path: /etc/cni/net.d - name: cni-net-dir - - hostPath: - path: /var/log/aws-routed-eni - type: DirectoryOrCreate - name: log-dir - - hostPath: - path: /var/run/aws-node - type: DirectoryOrCreate - name: run-dir - - hostPath: - path: /run/xtables.lock - type: FileOrCreate - name: xtables-lock - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content deleted file mode 100644 index da3a64de54..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content +++ /dev/null @@ -1,285 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - k8s-app: aws-node-termination-handler - name: aws-node-termination-handler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - name: aws-node-termination-handler -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - patch - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - get -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -- apiGroups: - - extensions - resources: - - daemonsets - verbs: - - get -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - get -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - name: aws-node-termination-handler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aws-node-termination-handler -subjects: -- kind: ServiceAccount - name: aws-node-termination-handler - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/component: deployment - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - app.kubernetes.io/part-of: aws-node-termination-handler - app.kubernetes.io/version: v1.22.0 - k8s-addon: node-termination-handler.aws - k8s-app: aws-node-termination-handler - name: aws-node-termination-handler - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kubernetes.io/os: linux - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/component: deployment - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - k8s-app: aws-node-termination-handler - kops.k8s.io/managed-by: kops - kops.k8s.io/nth-mode: sqs - kubernetes.io/os: linux - spec: - containers: - - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ENABLE_PROBES_SERVER - value: "true" - - name: PROBES_SERVER_PORT - value: "8080" - - name: PROBES_SERVER_ENDPOINT - value: /healthz - - name: LOG_LEVEL - value: info - - name: JSON_LOGGING - value: "true" - - name: LOG_FORMAT_VERSION - value: "2" - - name: ENABLE_PROMETHEUS_SERVER - value: "false" - - name: PROMETHEUS_SERVER_PORT - value: "9092" - - name: CHECK_TAG_BEFORE_DRAINING - value: "true" - - name: MANAGED_TAG - value: aws-node-termination-handler/managed - - name: USE_PROVIDER_ID - value: "true" - - name: DRY_RUN - value: "false" - - name: CORDON_ONLY - value: "false" - - name: TAINT_NODE - value: "false" - - name: EXCLUDE_FROM_LOAD_BALANCERS - value: "true" - - name: DELETE_LOCAL_DATA - value: "true" - - name: IGNORE_DAEMON_SETS - value: "true" - - name: POD_TERMINATION_GRACE_PERIOD - value: "-1" - - name: NODE_TERMINATION_GRACE_PERIOD - value: "120" - - name: EMIT_KUBERNETES_EVENTS - value: "true" - - name: COMPLETE_LIFECYCLE_ACTION_DELAY_SECONDS - value: "-1" - - name: ENABLE_SQS_TERMINATION_DRAINING - value: "true" - - name: QUEUE_URL - value: https://sqs.us-test-1.amazonaws.com/123456789012/minimal-example-com-nth - - name: DELETE_SQS_MSG_IF_NODE_NOT_FOUND - value: "false" - - name: WORKERS - value: "10" - - name: AWS_ROLE_ARN - value: arn:aws-test:iam::123456789012:role/aws-node-termination-handler.kube-system.sa.minimal.example.com - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: /var/run/secrets/amazonaws.com/token - image: public.ecr.aws/aws-ec2/aws-node-termination-handler:v1.22.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - name: aws-node-termination-handler - ports: - - containerPort: 8080 - name: liveness-probe - protocol: TCP - - containerPort: 9092 - name: metrics - protocol: TCP - resources: - requests: - cpu: 50m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 1000 - runAsNonRoot: true - runAsUser: 1000 - volumeMounts: - - mountPath: /var/run/secrets/amazonaws.com/ - name: token-amazonaws-com - readOnly: true - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1000 - serviceAccountName: aws-node-termination-handler - topologySpreadConstraints: - - labelSelector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kops.k8s.io/nth-mode: sqs - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kops.k8s.io/nth-mode: sqs - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: token-amazonaws-com - projected: - defaultMode: 420 - sources: - - serviceAccountToken: - audience: amazonaws.com - expirationSeconds: 86400 - path: token - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: node-termination-handler.aws - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/managed-by: kops - app.kubernetes.io/name: aws-node-termination-handler - k8s-addon: node-termination-handler.aws - name: aws-node-termination-handler - namespace: kube-system -spec: - maxUnavailable: 1 - selector: - matchLabels: - app.kubernetes.io/instance: aws-node-termination-handler - app.kubernetes.io/name: aws-node-termination-handler - kops.k8s.io/nth-mode: sqs diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-nodelocaldns.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-nodelocaldns.addons.k8s.io-k8s-1.12_content deleted file mode 100644 index 85ae1090ae..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-nodelocaldns.addons.k8s.io-k8s-1.12_content +++ /dev/null @@ -1,206 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: nodelocaldns.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: nodelocaldns.addons.k8s.io - kubernetes.io/cluster-service: "true" - name: node-local-dns - namespace: kube-system - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: nodelocaldns.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: nodelocaldns.addons.k8s.io - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: KubeDNSUpstream - name: kube-dns-upstream - namespace: kube-system -spec: - ports: - - name: dns - port: 53 - protocol: UDP - targetPort: 53 - - name: dns-tcp - port: 53 - protocol: TCP - targetPort: 53 - selector: - k8s-app: kube-dns - ---- - -apiVersion: v1 -data: - Corefile: | - cluster.local:53 { - errors - cache { - success 9984 30 - denial 9984 5 - } - reload - loop - bind 169.254.20.10 - forward . __PILLAR__CLUSTER__DNS__ { - force_tcp - } - prometheus :9253 - health 169.254.20.10:3989 - } - in-addr.arpa:53 { - errors - cache 30 - reload - loop - bind 169.254.20.10 - forward . __PILLAR__CLUSTER__DNS__ { - force_tcp - } - prometheus :9253 - } - ip6.arpa:53 { - errors - cache 30 - reload - loop - bind 169.254.20.10 - forward . __PILLAR__CLUSTER__DNS__ { - force_tcp - } - prometheus :9253 - } - .:53 { - errors - cache 30 - reload - loop - bind 169.254.20.10 - forward . __PILLAR__UPSTREAM__SERVERS__ - prometheus :9253 - } - googleapis.com:53 { - bind 169.254.20.10 - forward . 10.238.1.130 - } -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: nodelocaldns.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: nodelocaldns.addons.k8s.io - name: node-local-dns - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: nodelocaldns.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: nodelocaldns.addons.k8s.io - k8s-app: node-local-dns - kubernetes.io/cluster-service: "true" - name: node-local-dns - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: node-local-dns - template: - metadata: - annotations: - prometheus.io/port: "9253" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - k8s-app: node-local-dns - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - -localip=169.254.20.10 - - -conf=/etc/Corefile - - -upstreamsvc=kube-dns-upstream - - -setupiptables=false - image: registry.k8s.io/dns/k8s-dns-node-cache:1.23.0 - livenessProbe: - httpGet: - host: 169.254.20.10 - path: /health - port: 3989 - initialDelaySeconds: 60 - timeoutSeconds: 5 - name: node-cache - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9253 - name: metrics - protocol: TCP - resources: - requests: - cpu: 25m - memory: 5Mi - securityContext: - capabilities: - add: - - NET_ADMIN - volumeMounts: - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - - mountPath: /etc/coredns - name: config-volume - - mountPath: /etc/kube-dns - name: kube-dns-config - dnsPolicy: Default - hostNetwork: true - priorityClassName: system-node-critical - serviceAccountName: node-local-dns - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: /run/xtables.lock - type: FileOrCreate - name: xtables-lock - - configMap: - name: kube-dns - optional: true - name: kube-dns-config - - configMap: - items: - - key: Corefile - path: Corefile.base - name: node-local-dns - name: config-volume - updateStrategy: - type: OnDelete diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content deleted file mode 100644 index f382104015..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content +++ /dev/null @@ -1,1372 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: volumesnapshotclasses.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotClass - listKind: VolumeSnapshotClassList - plural: volumesnapshotclasses - shortNames: - - vsclass - - vsclasses - singular: volumesnapshotclass - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the - VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent - created through the VolumeSnapshotClass should be deleted when its bound - VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". - "Retain" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: true - subresources: {} - - additionalPrinterColumns: - - jsonPath: .driver - name: Driver - type: string - - description: Determines whether a VolumeSnapshotContent created through the - VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. - jsonPath: .deletionPolicy - name: DeletionPolicy - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotClass is deprecated; - use snapshot.storage.k8s.io/v1 VolumeSnapshotClass - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent - created through the VolumeSnapshotClass should be deleted when its bound - VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". - "Retain" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. - Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - parameters: - additionalProperties: - type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. - type: object - required: - - deletionPolicy - - driver - type: object - served: true - storage: false - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: volumesnapshotcontents.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshotContent - listKind: VolumeSnapshotContentList - plural: volumesnapshotcontents - shortNames: - - vsc - - vscs - singular: volumesnapshotcontent - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical - snapshot on the underlying storage system should be deleted when its bound - VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on - the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.namespace - name: VolumeSnapshotNamespace - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. - "Delete" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are deleted. For dynamically provisioned - snapshots, this field will automatically be filled in by the CSI - snapshotter sidecar with the "DeletionPolicy" field defined in the - corresponding VolumeSnapshotClass. For pre-existing snapshots, users - MUST specify this field when creating the VolumeSnapshotContent - object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be - the same as the name returned by the CSI GetPluginName() call for - that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) - dynamically provisioned or already exists, and just requires a Kubernetes - object representation. This field is immutable after creation. Required. - oneOf: - - required: - - snapshotHandle - - required: - - volumeHandle - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of - a pre-existing snapshot on the underlying storage system for - which a Kubernetes object representation was (or should be) - created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the - volume from which a snapshot should be dynamically taken from. - This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot - was (or will be) created. Note that after provisioning, the VolumeSnapshotClass - may be deleted or recreated with different set of values, and as - such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object - to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be - provided for binding to happen. This field is immutable after creation. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the CSI snapshotter - sidecar with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it indicates - the creation time is unknown. The format of this field is a Unix - nanoseconds time encoded as an int64. On Unix, the command `date - +%s%N` returns the current time in nanoseconds since 1970-01-01 - 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, - if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the CSI snapshotter sidecar with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be - filled in by the CSI snapshotter sidecar with the "size_bytes" value - returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "size_bytes" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. When restoring a volume from this snapshot, the size of the - volume MUST NOT be smaller than the restoreSize if it is specified, - otherwise the restoration will fail. If not specified, it indicates - that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot - on the underlying storage system. If not specified, it indicates - that dynamic snapshot creation has either failed or it is still - in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: Represents the complete size of the snapshot in bytes - jsonPath: .status.restoreSize - name: RestoreSize - type: integer - - description: Determines whether this VolumeSnapshotContent and its physical - snapshot on the underlying storage system should be deleted when its bound - VolumeSnapshot is deleted. - jsonPath: .spec.deletionPolicy - name: DeletionPolicy - type: string - - description: Name of the CSI driver used to create the physical snapshot on - the underlying storage system. - jsonPath: .spec.driver - name: Driver - type: string - - description: Name of the VolumeSnapshotClass to which this snapshot belongs. - jsonPath: .spec.volumeSnapshotClassName - name: VolumeSnapshotClass - type: string - - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.name - name: VolumeSnapshot - type: string - - description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent - object is bound. - jsonPath: .spec.volumeSnapshotRef.namespace - name: VolumeSnapshotNamespace - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotContent is deprecated; - use snapshot.storage.k8s.io/v1 VolumeSnapshotContent - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. - properties: - deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. - "Delete" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are deleted. For dynamically provisioned - snapshots, this field will automatically be filled in by the CSI - snapshotter sidecar with the "DeletionPolicy" field defined in the - corresponding VolumeSnapshotClass. For pre-existing snapshots, users - MUST specify this field when creating the VolumeSnapshotContent - object. Required. - enum: - - Delete - - Retain - type: string - driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be - the same as the name returned by the CSI GetPluginName() call for - that driver. Required. - type: string - source: - description: source specifies whether the snapshot is (or should be) - dynamically provisioned or already exists, and just requires a Kubernetes - object representation. This field is immutable after creation. Required. - properties: - snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of - a pre-existing snapshot on the underlying storage system for - which a Kubernetes object representation was (or should be) - created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the - volume from which a snapshot should be dynamically taken from. - This field is immutable. - type: string - type: object - volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot - was (or will be) created. Note that after provisioning, the VolumeSnapshotClass - may be deleted or recreated with different set of values, and as - such, should not be referenced post-snapshot creation. - type: string - volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object - to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be - provided for binding to happen. This field is immutable after creation. - Required. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - required: - - deletionPolicy - - driver - - source - - volumeSnapshotRef - type: object - status: - description: status represents the current information of a snapshot. - properties: - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the CSI snapshotter - sidecar with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it indicates - the creation time is unknown. The format of this field is a Unix - nanoseconds time encoded as an int64. On Unix, the command `date - +%s%N` returns the current time in nanoseconds since 1970-01-01 - 00:00:00 UTC. - format: int64 - type: integer - error: - description: error is the last observed error during snapshot creation, - if any. Upon success after retry, this error field will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the CSI snapshotter sidecar with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be - filled in by the CSI snapshotter sidecar with the "size_bytes" value - returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "size_bytes" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. When restoring a volume from this snapshot, the size of the - volume MUST NOT be smaller than the restoreSize if it is specified, - otherwise the restoration will fail. If not specified, it indicates - that the size is unknown. - format: int64 - minimum: 0 - type: integer - snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot - on the underlying storage system. If not specified, it indicates - that dynamic snapshot creation has either failed or it is still - in progress. - type: string - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/419 - controller-gen.kubebuilder.io/version: v0.4.0 - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: volumesnapshots.snapshot.storage.k8s.io -spec: - group: snapshot.storage.k8s.io - names: - kind: VolumeSnapshot - listKind: VolumeSnapshotList - plural: volumesnapshots - shortNames: - - vs - singular: volumesnapshot - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of - the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing - VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from - this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot - object intends to bind to. Please note that verification of binding actually - requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure - both are pointing at each other. Binding MUST be verified prior to usage of - this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying - storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - oneOf: - - required: - - persistentVolumeClaimName - - required: - - volumeSnapshotContentName - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object representing the volume from which - a snapshot should be created. This PVC is assumed to be in the - same namespace as the VolumeSnapshot object. This field should - be set if the snapshot does not exists, and needs to be created. - This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a - pre-existing VolumeSnapshotContent object representing an existing - volume snapshot. This field should be set if the snapshot already - exists and only needs a representation in Kubernetes. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. VolumeSnapshotClassName may be - left nil to indicate that the default SnapshotClass should be used. - A given cluster may have multiple default Volume SnapshotClasses: - one default per CSI Driver. If a VolumeSnapshot does not specify - a SnapshotClass, VolumeSnapshotSource will be checked to figure - out what the associated CSI Driver is, and the default VolumeSnapshotClass - associated with that CSI Driver will be used. If more than one VolumeSnapshotClass - exist for a given CSI Driver and more than one have been marked - as default, CreateSnapshot will fail and generate an event. Empty - string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. - Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent - objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent - object to which this VolumeSnapshot object intends to bind to. If - not specified, it indicates that the VolumeSnapshot object has not - been successfully bound to a VolumeSnapshotContent object yet. NOTE: - To avoid possible security issues, consumers must verify binding - between VolumeSnapshot and VolumeSnapshotContent objects is successful - (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the snapshot controller - with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it may indicate - that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. The snapshot controller will keep retrying when an error - occurrs during the snapshot creation. Upon success, this error field - will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the snapshot controller with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the minimum size of volume required - to create a volume from this snapshot. In dynamic snapshot creation - case, this field will be filled in by the snapshot controller with - the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. - For a pre-existing snapshot, this field will be filled with the - "size_bytes" value returned from the CSI "ListSnapshots" gRPC call - if the driver supports it. When restoring a volume from this snapshot, - the size of the volume MUST NOT be smaller than the restoreSize - if it is specified, otherwise the restoration will fail. If not - specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - type: string - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - description: Indicates if the snapshot is ready to be used to restore a volume. - jsonPath: .status.readyToUse - name: ReadyToUse - type: boolean - - description: If a new snapshot needs to be created, this contains the name of - the source PVC from which this snapshot was (or will be) created. - jsonPath: .spec.source.persistentVolumeClaimName - name: SourcePVC - type: string - - description: If a snapshot already exists, this contains the name of the existing - VolumeSnapshotContent object representing the existing snapshot. - jsonPath: .spec.source.volumeSnapshotContentName - name: SourceSnapshotContent - type: string - - description: Represents the minimum size of volume required to rehydrate from - this snapshot. - jsonPath: .status.restoreSize - name: RestoreSize - type: string - - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. - jsonPath: .spec.volumeSnapshotClassName - name: SnapshotClass - type: string - - description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot - object intends to bind to. Please note that verification of binding actually - requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure - both are pointing at each other. Binding MUST be verified prior to usage of - this object. - jsonPath: .status.boundVolumeSnapshotContentName - name: SnapshotContent - type: string - - description: Timestamp when the point-in-time snapshot was taken by the underlying - storage system. - jsonPath: .status.creationTime - name: CreationTime - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshot is deprecated; - use snapshot.storage.k8s.io/v1 VolumeSnapshot - name: v1beta1 - schema: - openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time - snapshot of a persistent volume, or binding to a pre-existing snapshot. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' - properties: - source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. - properties: - persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object representing the volume from which - a snapshot should be created. This PVC is assumed to be in the - same namespace as the VolumeSnapshot object. This field should - be set if the snapshot does not exists, and needs to be created. - This field is immutable. - type: string - volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a - pre-existing VolumeSnapshotContent object representing an existing - volume snapshot. This field should be set if the snapshot already - exists and only needs a representation in Kubernetes. This field - is immutable. - type: string - type: object - volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. VolumeSnapshotClassName may be - left nil to indicate that the default SnapshotClass should be used. - A given cluster may have multiple default Volume SnapshotClasses: - one default per CSI Driver. If a VolumeSnapshot does not specify - a SnapshotClass, VolumeSnapshotSource will be checked to figure - out what the associated CSI Driver is, and the default VolumeSnapshotClass - associated with that CSI Driver will be used. If more than one VolumeSnapshotClass - exist for a given CSI Driver and more than one have been marked - as default, CreateSnapshot will fail and generate an event. Empty - string is not allowed for this field.' - type: string - required: - - source - type: object - status: - description: status represents the current information of a snapshot. - Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent - objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object. - properties: - boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent - object to which this VolumeSnapshot object intends to bind to. If - not specified, it indicates that the VolumeSnapshot object has not - been successfully bound to a VolumeSnapshotContent object yet. NOTE: - To avoid possible security issues, consumers must verify binding - between VolumeSnapshot and VolumeSnapshotContent objects is successful - (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object.' - type: string - creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the snapshot controller - with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it may indicate - that the creation time of the snapshot is unknown. - format: date-time - type: string - error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. The snapshot controller will keep retrying when an error - occurrs during the snapshot creation. Upon success, this error field - will be cleared. - properties: - message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' - type: string - time: - description: time is the timestamp when the error was encountered. - format: date-time - type: string - type: object - readyToUse: - description: readyToUse indicates if the snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the snapshot controller with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. - type: boolean - restoreSize: - description: restoreSize represents the minimum size of volume required - to create a volume from this snapshot. In dynamic snapshot creation - case, this field will be filled in by the snapshot controller with - the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. - For a pre-existing snapshot, this field will be filled with the - "size_bytes" value returned from the CSI "ListSnapshots" gRPC call - if the driver supports it. When restoring a volume from this snapshot, - the size of the volume MUST NOT be smaller than the restoreSize - if it is specified, otherwise the restoration will fail. If not - specified, it indicates that the size is unknown. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - type: string - x-kubernetes-int-or-string: true - type: object - required: - - spec - type: object - served: true - storage: false - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-leaderelection - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - watch - - list - - delete - - update - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-runner -rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - create - - get - - list - - watch - - delete - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots/status - verbs: - - update - - patch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: snapshot-controller-leaderelection -subjects: -- kind: ServiceAccount - name: snapshot-controller - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller-role -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: snapshot-controller-runner -subjects: -- kind: ServiceAccount - name: snapshot-controller - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-controller - namespace: kube-system -spec: - minReadySeconds: 15 - replicas: 2 - selector: - matchLabels: - app: snapshot-controller - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app: snapshot-controller - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --v=5 - - --leader-election=true - image: registry.k8s.io/sig-storage/snapshot-controller:v6.0.1 - imagePullPolicy: IfNotPresent - name: snapshot-controller - serviceAccountName: snapshot-controller - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: snapshot-controller - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: snapshot-controller - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app: snapshot-validation - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-validation-deployment - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - app: snapshot-validation - template: - metadata: - creationTimestamp: null - labels: - app: snapshot-validation - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt - - --tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key - image: registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.0.1 - imagePullPolicy: IfNotPresent - name: snapshot-validation - ports: - - containerPort: 443 - volumeMounts: - - mountPath: /etc/snapshot-validation-webhook/certs - name: snapshot-validation-webhook-certs - readOnly: true - serviceAccountName: snapshot-controller - topologySpreadConstraints: - - labelSelector: - matchLabels: - app: snapshot-validation - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - app: snapshot-validation - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - volumes: - - name: snapshot-validation-webhook-certs - secret: - secretName: snapshot-validation-secret - ---- - -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-validation-service - namespace: kube-system -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 443 - selector: - app: snapshot-validation - ---- - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: kube-system/snapshot-validation-service - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: validation-webhook.snapshot.storage.k8s.io -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: snapshot-validation-service - namespace: kube-system - path: /volumesnapshot - failurePolicy: Ignore - name: validation-webhook.snapshot.storage.k8s.io - rules: - - apiGroups: - - snapshot.storage.k8s.io - apiVersions: - - v1 - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - volumesnapshots - - volumesnapshotcontents - scope: '*' - sideEffects: None - timeoutSeconds: 2 - ---- - -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: snapshot-controller.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: snapshot-controller.addons.k8s.io - name: snapshot-validation-service - namespace: kube-system -spec: - dnsNames: - - snapshot-validation-service.kube-system.svc - - snapshot-validation-service.kube-system.svc.minimal.example.com - issuerRef: - kind: Issuer - name: snapshot-controller.addons.k8s.io - secretName: snapshot-validation-secret diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content deleted file mode 100644 index e0ab5ef990..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ /dev/null @@ -1,334 +0,0 @@ -APIServerConfig: - API: - dns: {} - publicName: api.minimal.example.com - ClusterDNSDomain: cluster.local - KubeAPIServer: - allowPrivileged: true - anonymousAuth: false - apiAudiences: - - kubernetes.svc.default - apiServerCount: 1 - authorizationMode: AlwaysAllow - bindAddress: 0.0.0.0 - cloudProvider: external - enableAdmissionPlugins: - - NamespaceLifecycle - - LimitRanger - - ServiceAccount - - DefaultStorageClass - - DefaultTolerationSeconds - - MutatingAdmissionWebhook - - ValidatingAdmissionWebhook - - NodeRestriction - - ResourceQuota - enableAggregatorRouting: true - etcdServers: - - https://127.0.0.1:4001 - etcdServersOverrides: - - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 - kubeletPreferredAddressTypes: - - InternalIP - - Hostname - - ExternalIP - logLevel: 2 - requestheaderAllowedNames: - - aggregator - requestheaderExtraHeaderPrefixes: - - X-Remote-Extra- - requestheaderGroupHeaders: - - X-Remote-Group - requestheaderUsernameHeaders: - - X-Remote-User - securePort: 443 - serviceAccountIssuer: https://discovery.example.com/minimal.example.com - serviceAccountJWKSURI: https://discovery.example.com/minimal.example.com/openid/v1/jwks - serviceClusterIPRange: 100.64.0.0/13 - storageBackend: etcd3 - ServiceAccountPublicKeys: | - -----BEGIN RSA PUBLIC KEY----- - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKm - XVSysPKgE80QSU4tZ6m49pAEeIMsvwvDMaLsb2v6JvXe0qvCmueU+/sCAwEAAQ== - -----END RSA PUBLIC KEY----- - -----BEGIN RSA PUBLIC KEY----- - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKOE64nZbH+GM91AIrqf7HEk4hvzqsZF - Ftxc+8xir1XC3mI/RhCCrs6AdVRZNZ26A6uHArhi33c2kHQkCjyLA7sCAwEAAQ== - -----END RSA PUBLIC KEY----- -Assets: - amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 - arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 - - 9d842e3636a95de2315cdea2be7a282355aac0658ef0b86d5dc2449066538f13@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-arm64 -CAs: - apiserver-aggregator-ca: | - -----BEGIN CERTIFICATE----- - MIIBgjCCASygAwIBAgIMFo3gINaZLHjisEcbMA0GCSqGSIb3DQEBCwUAMCIxIDAe - BgNVBAMTF2FwaXNlcnZlci1hZ2dyZWdhdG9yLWNhMB4XDTIxMDYzMDA0NTExMloX - DTMxMDYzMDA0NTExMlowIjEgMB4GA1UEAxMXYXBpc2VydmVyLWFnZ3JlZ2F0b3It - Y2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyyE71AOU3go5XFegLQ6fidI0LhhM - x7CzpTzh2xWKcHUfbNI7itgJvC/+GlyG5W+DF5V7ba0IJiQLsFve0oLdewIDAQAB - o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU - ALfqF5ZmfqvqORuJIFilZYKF3d0wDQYJKoZIhvcNAQELBQADQQAHAomFKsF4jvYX - WM/UzQXDj9nSAFTf8dBPCXyZZNotsOH7+P6W4mMiuVs8bAuGiXGUdbsQ2lpiT/Rk - CzMeMdr4 - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBgjCCASygAwIBAgIMFo3gM0nxQpiX/agfMA0GCSqGSIb3DQEBCwUAMCIxIDAe - BgNVBAMTF2FwaXNlcnZlci1hZ2dyZWdhdG9yLWNhMB4XDTIxMDYzMDA0NTIzMVoX - DTMxMDYzMDA0NTIzMVowIjEgMB4GA1UEAxMXYXBpc2VydmVyLWFnZ3JlZ2F0b3It - Y2EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAyyE71AOU3go5XFegLQ6fidI0LhhM - x7CzpTzh2xWKcHUfbNI7itgJvC/+GlyG5W+DF5V7ba0IJiQLsFve0oLdewIDAQAB - o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU - ALfqF5ZmfqvqORuJIFilZYKF3d0wDQYJKoZIhvcNAQELBQADQQCXsoezoxXu2CEN - QdlXZOfmBT6cqxIX/RMHXhpHwRiqPsTO8IO2bVA8CSzxNwMuSv/ZtrMHoh8+PcVW - HLtkTXH8 - -----END CERTIFICATE----- - etcd-clients-ca: | - -----BEGIN CERTIFICATE----- - MIIBcjCCARygAwIBAgIMFo1ogHnr26DL9YkqMA0GCSqGSIb3DQEBCwUAMBoxGDAW - BgNVBAMTD2V0Y2QtY2xpZW50cy1jYTAeFw0yMTA2MjgxNjE5MDFaFw0zMTA2Mjgx - NjE5MDFaMBoxGDAWBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTBcMA0GCSqGSIb3DQEB - AQUAA0sAMEgCQQDYlt4Xx03Cp8QooPrloaVWznx9aQDSpl1UsrDyoBPNEElOLWep - uPaQBHiDLL8LwzGi7G9r+ib13tKrwprnlPv7AgMBAAGjQjBAMA4GA1UdDwEB/wQE - AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjlt4Ue54AbJPWlDpRM51s - x+PeBDANBgkqhkiG9w0BAQsFAANBAAZAdf8ROEVkr3Rf7I+s+CQOil2toadlKWOY - qCeJ2XaEROfp9aUTEIU1MGM3g57MPyAPPU7mURskuOQz6B1UFaY= - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBcjCCARygAwIBAgIMFo1olfBnC/CsT+dqMA0GCSqGSIb3DQEBCwUAMBoxGDAW - BgNVBAMTD2V0Y2QtY2xpZW50cy1jYTAeFw0yMTA2MjgxNjIwMzNaFw0zMTA2Mjgx - NjIwMzNaMBoxGDAWBgNVBAMTD2V0Y2QtY2xpZW50cy1jYTBcMA0GCSqGSIb3DQEB - AQUAA0sAMEgCQQDYlt4Xx03Cp8QooPrloaVWznx9aQDSpl1UsrDyoBPNEElOLWep - uPaQBHiDLL8LwzGi7G9r+ib13tKrwprnlPv7AgMBAAGjQjBAMA4GA1UdDwEB/wQE - AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjlt4Ue54AbJPWlDpRM51s - x+PeBDANBgkqhkiG9w0BAQsFAANBAF1xUz77PlUVUnd9duF8F7plou0TONC9R6/E - YQ8C6vM1b+9NSDGjCW8YmwEU2fBgskb/BBX2lwVZ32/RUEju4Co= - -----END CERTIFICATE----- - etcd-manager-ca-events: | - -----BEGIN CERTIFICATE----- - MIIBgDCCASqgAwIBAgIMFo+bKjm04vB4rNtaMA0GCSqGSIb3DQEBCwUAMCExHzAd - BgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1ldmVudHMwHhcNMjEwNzA1MjAwOTU2WhcN - MzEwNzA1MjAwOTU2WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtZXZlbnRz - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKiC8tndMlEFZ7qzeKxeKqFVjaYpsh/H - g7RxWo15+1kgH3suO0lxp9+RxSVv97hnsfbySTPZVhy2cIQj7eZtZt8CAwEAAaNC - MEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBg6 - CEZkQNnRkARBwFce03AEWa+sMA0GCSqGSIb3DQEBCwUAA0EAJMnBThok/uUe8q8O - sS5q19KUuE8YCTUzMDj36EBKf6NX4NoakCa1h6kfQVtlMtEIMWQZCjbm8xGK5ffs - GS/VUw== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBgDCCASqgAwIBAgIMFo+bQ+EgIiBmGghjMA0GCSqGSIb3DQEBCwUAMCExHzAd - BgNVBAMTFmV0Y2QtbWFuYWdlci1jYS1ldmVudHMwHhcNMjEwNzA1MjAxMTQ2WhcN - MzEwNzA1MjAxMTQ2WjAhMR8wHQYDVQQDExZldGNkLW1hbmFnZXItY2EtZXZlbnRz - MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKFhHVVxxDGv8d1jBvtdSxz7KIVoBOjL - DMxsmTsINiQkTQaFlb+XPlnY1ar4+RhE519AFUkqfhypk4Zxqf1YFXUCAwEAAaNC - MEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNuW - LLH5c8kDubDbr6BHgedW0iJ9MA0GCSqGSIb3DQEBCwUAA0EAiKUoBoaGu7XzboFE - hjfKlX0TujqWuW3qMxDEJwj4dVzlSLrAoB/G01MJ+xxYKh456n48aG6N827UPXhV - cPfVNg== - -----END CERTIFICATE----- - etcd-manager-ca-main: | - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bKjm1c3jfv6hIMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtbWFuYWdlci1jYS1tYWluMB4XDTIxMDcwNTIwMDk1NloXDTMx - MDcwNTIwMDk1NlowHzEdMBsGA1UEAxMUZXRjZC1tYW5hZ2VyLWNhLW1haW4wXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAxbkDbGYmCSShpRG3r+lzTOFujyuruRfjOhYm - ZRX4w1Utd5y63dUc98sjc9GGUYMHd+0k1ql/a48tGhnK6N6jJwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWZLkbBFx - GAgPU4i62c52unSo7RswDQYJKoZIhvcNAQELBQADQQAj6Pgd0va/8FtkyMlnohLu - Gf4v8RJO6zk3Y6jJ4+cwWziipFM1ielMzSOZfFcCZgH3m5Io40is4hPSqyq2TOA6 - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bQ+Eg8Si30gr4MA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtbWFuYWdlci1jYS1tYWluMB4XDTIxMDcwNTIwMTE0NloXDTMx - MDcwNTIwMTE0NlowHzEdMBsGA1UEAxMUZXRjZC1tYW5hZ2VyLWNhLW1haW4wXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAw33jzcd/iosN04b0WXbDt7B0c3sJ3aafcGLP - vG3xRB9N5bYr9+qZAq3mzAFkxscn4j1ce5b1/GKTDEAClmZgdQIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUE/h+3gDP - DvKwHRyiYlXM8voZ1wowDQYJKoZIhvcNAQELBQADQQBXuimeEoAOu5HN4hG7NqL9 - t40K3ZRhRZv3JQWnRVJCBDjg1rD0GQJR/n+DoWvbeijI5C9pNjr2pWSIYR1eYCvd - -----END CERTIFICATE----- - etcd-peers-ca-events: | - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bKjmxTPh3/lYJMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtcGVlcnMtY2EtZXZlbnRzMB4XDTIxMDcwNTIwMDk1NloXDTMx - MDcwNTIwMDk1NlowHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1ldmVudHMwXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAv5g4HF2xmrYyouJfY9jXx1M3gPLD/pupvxPY - xyjJw5pNCy5M5XGS3iTqRD5RDE0fWudVHFZKLIe8WPc06NApXwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUf6xiDI+O - Yph1ziCGr2hZaQYt+fUwDQYJKoZIhvcNAQELBQADQQBBxj5hqEQstonTb8lnqeGB - DEYtUeAk4eR/HzvUMjF52LVGuvN3XVt+JTrFeKNvb6/RDUbBNRj3azalcUkpPh6V - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBfDCCASagAwIBAgIMFo+bQ+Eq69jgzpKwMA0GCSqGSIb3DQEBCwUAMB8xHTAb - BgNVBAMTFGV0Y2QtcGVlcnMtY2EtZXZlbnRzMB4XDTIxMDcwNTIwMTE0NloXDTMx - MDcwNTIwMTE0NlowHzEdMBsGA1UEAxMUZXRjZC1wZWVycy1jYS1ldmVudHMwXDAN - BgkqhkiG9w0BAQEFAANLADBIAkEAo5Nj2CjX1qp3mEPw1H5nHAFWLoGNSLSlRFJW - 03NxaNPMFzL5PrCoyOXrX8/MWczuZYw0Crf8EPOOQWi2+W0XLwIDAQABo0IwQDAO - BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUxauhhKQh - cvdZND78rHe0RQVTTiswDQYJKoZIhvcNAQELBQADQQB+cq4jIS9q0zXslaRa+ViI - J+dviA3sMygbmSJO0s4DxYmoazKJblux5q0ASSvS9iL1l9ShuZ1dWyp2tpZawHyb - -----END CERTIFICATE----- - etcd-peers-ca-main: | - -----BEGIN CERTIFICATE----- - MIIBeDCCASKgAwIBAgIMFo+bKjmuLDDLcDHsMA0GCSqGSIb3DQEBCwUAMB0xGzAZ - BgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjAeFw0yMTA3MDUyMDA5NTZaFw0zMTA3 - MDUyMDA5NTZaMB0xGzAZBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjBcMA0GCSqG - SIb3DQEBAQUAA0sAMEgCQQCyRaXWpwgN6INQqws9p/BvPElJv2Rno9dVTFhlQqDA - aUJXe7MBmiO4NJcW76EozeBh5ztR3/4NE1FM2x8TisS3AgMBAAGjQjBAMA4GA1Ud - DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQtE1d49uSvpURf - OQ25Vlu6liY20DANBgkqhkiG9w0BAQsFAANBAAgLVaetJZcfOA3OIMMvQbz2Ydrt - uWF9BKkIad8jrcIrm3IkOtR8bKGmDIIaRKuG/ZUOL6NMe2fky3AAfKwleL4= - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBeDCCASKgAwIBAgIMFo+bQ+EuVthBfuZvMA0GCSqGSIb3DQEBCwUAMB0xGzAZ - BgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjAeFw0yMTA3MDUyMDExNDZaFw0zMTA3 - MDUyMDExNDZaMB0xGzAZBgNVBAMTEmV0Y2QtcGVlcnMtY2EtbWFpbjBcMA0GCSqG - SIb3DQEBAQUAA0sAMEgCQQCxNbycDZNx5V1ZOiXxZSvaFpHRwKeHDfcuMUitdoPt - naVMlMTGDWAMuCVmFHFAWohIYynemEegmZkZ15S7AErfAgMBAAGjQjBAMA4GA1Ud - DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTAjQ8T4HclPIsC - qipEfUIcLP6jqTANBgkqhkiG9w0BAQsFAANBAJdZ17TN3HlWrH7HQgfR12UBwz8K - G9DurDznVaBVUYaHY8Sg5AvAXeb+yIF2JMmRR+bK+/G1QYY2D3/P31Ic2Oo= - -----END CERTIFICATE----- - kubernetes-ca: | - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANqBD8NSD82AUSMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwODAwWhcNMzEwNzA3MDcw - ODAwWjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBANFI3zr0Tk8krsW8vwjfMpzJOlWQ8616vG3YPa2qAgI7V4oKwfV0yIg1 - jt+H6f4P/wkPAPTPTfRp9Iy8oHEEFw0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNG3zVjTcLlJwDsJ4/K9DV7KohUA - MA0GCSqGSIb3DQEBCwUAA0EAB8d03fY2w7WKpfO29qI295pu2C4ca9AiVGOpgSc8 - tmQsq6rcxt3T+rb589PVtz0mw/cKTxOk6gH2CCC+yHfy2w== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANvmSa0OAlYmXKMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwOTM2WhcNMzEwNzA3MDcw - OTM2WjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBAMF6F4aZdpe0RUpyykaBpWwZCnwbffhYGOw+fs6RdLuUq7QCNmJm/Eq7 - WWOziMYDiI9SbclpD+6QiJ0N3EqppVUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLImp6ARjPDAH6nhI+scWVt3Q9bn - MA0GCSqGSIb3DQEBCwUAA0EAVQVx5MUtuAIeePuP9o51xtpT2S6Fvfi8J4ICxnlA - 9B7UD2ushcVFPtaeoL9Gfu8aY4KJBeqqg5ojl4qmRnThjw== - -----END CERTIFICATE----- -ClusterName: minimal.example.com -ControlPlaneConfig: - KubeControllerManager: - allocateNodeCIDRs: true - attachDetachReconcileSyncPeriod: 1m0s - cloudProvider: external - clusterCIDR: 172.20.128.0/17 - clusterName: minimal.example.com - configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 - leaderElection: - leaderElect: true - logLevel: 2 - useServiceAccountCredentials: true - KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 - leaderElection: - leaderElect: true - logLevel: 2 -DNSZone: Z1AFAKE1ZON3YO -DefaultMachineType: m3.medium -EtcdClusterNames: -- main -- events -FileAssets: -- content: | - apiVersion: kubescheduler.config.k8s.io/v1 - clientConnection: - kubeconfig: /var/lib/kube-scheduler/kubeconfig - kind: KubeSchedulerConfiguration - path: /var/lib/kube-scheduler/config.yaml -Hooks: -- null -- null -KeypairIDs: - apiserver-aggregator-ca: "6980187172486667078076483355" - etcd-clients-ca: "6979622252718071085282986282" - etcd-manager-ca-events: "6982279354000777253151890266" - etcd-manager-ca-main: "6982279354000936168671127624" - etcd-peers-ca-events: "6982279353999767935825892873" - etcd-peers-ca-main: "6982279353998887468930183660" - kubernetes-ca: "6982820025135291416230495506" - service-account: "2" -KubeProxy: - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 - logLevel: 2 -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 169.254.20.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - nodeLabels: - kops.k8s.io/kops-controller-pki: "" - node-role.kubernetes.io/control-plane: "" - node.kubernetes.io/exclude-from-external-load-balancers: "" - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s - taints: - - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 -Networking: - amazonVPC: {} - nonMasqueradeCIDR: 172.20.0.0/16 - serviceClusterIPRange: 100.64.0.0/13 -UpdatePolicy: automatic -channels: -- memfs://clusters.example.com/minimal.example.com/addons/bootstrap-channel.yaml -configStore: - keypairs: memfs://clusters.example.com/minimal.example.com/pki - secrets: memfs://clusters.example.com/minimal.example.com/secrets -containerdConfig: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 -etcdManifests: -- memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml -- memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml -staticManifests: -- key: kube-apiserver-healthcheck - path: manifests/static/kube-apiserver-healthcheck.yaml -usesLegacyGossip: false -usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-nodes_content deleted file mode 100644 index 6efd7bab60..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_nodeupconfig-nodes_content +++ /dev/null @@ -1,62 +0,0 @@ -Assets: - amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz -CAs: {} -ClusterName: minimal.example.com -DefaultMachineType: t2.medium -Hooks: -- null -- null -KeypairIDs: - kubernetes-ca: "6982820025135291416230495506" -KubeProxy: - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 - logLevel: 2 -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 169.254.20.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - nodeLabels: - node-role.kubernetes.io/node: "" - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 0s - shutdownGracePeriodCriticalPods: 0s -KubernetesVersion: 1.26.0 -Networking: - amazonVPC: {} - nonMasqueradeCIDR: 172.20.0.0/16 - serviceClusterIPRange: 100.64.0.0/13 -UpdatePolicy: automatic -containerdConfig: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 -usesLegacyGossip: false -usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/in-v1alpha2.yaml b/tests/integration/update_cluster/many-addons-ccm-irsa26/in-v1alpha2.yaml deleted file mode 100644 index 706327e30f..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/in-v1alpha2.yaml +++ /dev/null @@ -1,103 +0,0 @@ -apiVersion: kops.k8s.io/v1alpha2 -kind: Cluster -metadata: - creationTimestamp: "2016-12-10T22:42:27Z" - name: minimal.example.com -spec: - awsLoadBalancerController: - enabled: true - certManager: - enabled: true - clusterAutoscaler: - enabled: true - metricsServer: - enabled: true - kubernetesApiAccess: - - 0.0.0.0/0 - channel: stable - cloudConfig: - awsEBSCSIDriver: - enabled: true - cloudControllerManager: - cloudProvider: aws - cloudProvider: aws - configBase: memfs://clusters.example.com/minimal.example.com - etcdClusters: - - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: main - - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: events - iam: - useServiceAccountExternalPermissions: true - kubelet: - anonymousAuth: false - kubeDNS: - nodeLocalDNS: - enabled: true - additionalConfig: | - googleapis.com:53 { - bind 169.254.20.10 - forward . 10.238.1.130 - } - kubernetesVersion: v1.26.0 - masterPublicName: api.minimal.example.com - networkCIDR: 172.20.0.0/16 - networking: - amazonvpc: {} - nodeTerminationHandler: - enabled: true - nonMasqueradeCIDR: 172.20.0.0/16 - serviceAccountIssuerDiscovery: - discoveryStore: memfs://discovery.example.com/minimal.example.com - enableAWSOIDCProvider: true - snapshotController: - enabled: true - sshAccess: - - 0.0.0.0/0 - subnets: - - cidr: 172.20.32.0/19 - name: us-test-1a - type: Public - zone: us-test-1a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2016-12-10T22:42:28Z" - name: nodes - labels: - kops.k8s.io/cluster: minimal.example.com -spec: - associatePublicIp: true - image: ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220404 - machineType: t2.medium - maxSize: 2 - minSize: 2 - role: Node - subnets: - - us-test-1a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2016-12-10T22:42:28Z" - name: master-us-test-1a - labels: - kops.k8s.io/cluster: minimal.example.com -spec: - associatePublicIp: true - image: ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220404 - machineType: m3.medium - maxSize: 1 - minSize: 1 - role: Master - subnets: - - us-test-1a diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/kubernetes.tf b/tests/integration/update_cluster/many-addons-ccm-irsa26/kubernetes.tf deleted file mode 100644 index dd630a6438..0000000000 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/kubernetes.tf +++ /dev/null @@ -1,1213 +0,0 @@ -locals { - cluster_name = "minimal.example.com" - iam_openid_connect_provider_arn = aws_iam_openid_connect_provider.minimal-example-com.arn - iam_openid_connect_provider_issuer = "discovery.example.com/minimal.example.com" - kube-system-aws-cloud-controller-manager_role_arn = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.arn - kube-system-aws-cloud-controller-manager_role_name = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.name - kube-system-aws-load-balancer-controller_role_arn = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.arn - kube-system-aws-load-balancer-controller_role_name = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.name - kube-system-aws-node-termination-handler_role_arn = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.arn - kube-system-aws-node-termination-handler_role_name = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.name - kube-system-cluster-autoscaler_role_arn = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.arn - kube-system-cluster-autoscaler_role_name = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.name - kube-system-dns-controller_role_arn = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.arn - kube-system-dns-controller_role_name = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.name - kube-system-ebs-csi-controller-sa_role_arn = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.arn - kube-system-ebs-csi-controller-sa_role_name = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.name - master_autoscaling_group_ids = [aws_autoscaling_group.master-us-test-1a-masters-minimal-example-com.id] - master_security_group_ids = [aws_security_group.masters-minimal-example-com.id] - masters_role_arn = aws_iam_role.masters-minimal-example-com.arn - masters_role_name = aws_iam_role.masters-minimal-example-com.name - node_autoscaling_group_ids = [aws_autoscaling_group.nodes-minimal-example-com.id] - node_security_group_ids = [aws_security_group.nodes-minimal-example-com.id] - node_subnet_ids = [aws_subnet.us-test-1a-minimal-example-com.id] - nodes_role_arn = aws_iam_role.nodes-minimal-example-com.arn - nodes_role_name = aws_iam_role.nodes-minimal-example-com.name - region = "us-test-1" - route_table_public_id = aws_route_table.minimal-example-com.id - subnet_us-test-1a_id = aws_subnet.us-test-1a-minimal-example-com.id - vpc_cidr_block = aws_vpc.minimal-example-com.cidr_block - vpc_id = aws_vpc.minimal-example-com.id - vpc_ipv6_cidr_block = aws_vpc.minimal-example-com.ipv6_cidr_block - vpc_ipv6_cidr_length = local.vpc_ipv6_cidr_block == "" ? null : tonumber(regex(".*/(\\d+)", local.vpc_ipv6_cidr_block)[0]) -} - -output "cluster_name" { - value = "minimal.example.com" -} - -output "iam_openid_connect_provider_arn" { - value = aws_iam_openid_connect_provider.minimal-example-com.arn -} - -output "iam_openid_connect_provider_issuer" { - value = "discovery.example.com/minimal.example.com" -} - -output "kube-system-aws-cloud-controller-manager_role_arn" { - value = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-aws-cloud-controller-manager_role_name" { - value = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.name -} - -output "kube-system-aws-load-balancer-controller_role_arn" { - value = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-aws-load-balancer-controller_role_name" { - value = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.name -} - -output "kube-system-aws-node-termination-handler_role_arn" { - value = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-aws-node-termination-handler_role_name" { - value = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.name -} - -output "kube-system-cluster-autoscaler_role_arn" { - value = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-cluster-autoscaler_role_name" { - value = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.name -} - -output "kube-system-dns-controller_role_arn" { - value = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-dns-controller_role_name" { - value = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.name -} - -output "kube-system-ebs-csi-controller-sa_role_arn" { - value = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.arn -} - -output "kube-system-ebs-csi-controller-sa_role_name" { - value = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.name -} - -output "master_autoscaling_group_ids" { - value = [aws_autoscaling_group.master-us-test-1a-masters-minimal-example-com.id] -} - -output "master_security_group_ids" { - value = [aws_security_group.masters-minimal-example-com.id] -} - -output "masters_role_arn" { - value = aws_iam_role.masters-minimal-example-com.arn -} - -output "masters_role_name" { - value = aws_iam_role.masters-minimal-example-com.name -} - -output "node_autoscaling_group_ids" { - value = [aws_autoscaling_group.nodes-minimal-example-com.id] -} - -output "node_security_group_ids" { - value = [aws_security_group.nodes-minimal-example-com.id] -} - -output "node_subnet_ids" { - value = [aws_subnet.us-test-1a-minimal-example-com.id] -} - -output "nodes_role_arn" { - value = aws_iam_role.nodes-minimal-example-com.arn -} - -output "nodes_role_name" { - value = aws_iam_role.nodes-minimal-example-com.name -} - -output "region" { - value = "us-test-1" -} - -output "route_table_public_id" { - value = aws_route_table.minimal-example-com.id -} - -output "subnet_us-test-1a_id" { - value = aws_subnet.us-test-1a-minimal-example-com.id -} - -output "vpc_cidr_block" { - value = aws_vpc.minimal-example-com.cidr_block -} - -output "vpc_id" { - value = aws_vpc.minimal-example-com.id -} - -output "vpc_ipv6_cidr_block" { - value = aws_vpc.minimal-example-com.ipv6_cidr_block -} - -output "vpc_ipv6_cidr_length" { - value = local.vpc_ipv6_cidr_block == "" ? null : tonumber(regex(".*/(\\d+)", local.vpc_ipv6_cidr_block)[0]) -} - -provider "aws" { - region = "us-test-1" -} - -provider "aws" { - alias = "files" - region = "us-test-1" -} - -resource "aws_autoscaling_group" "master-us-test-1a-masters-minimal-example-com" { - enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"] - launch_template { - id = aws_launch_template.master-us-test-1a-masters-minimal-example-com.id - version = aws_launch_template.master-us-test-1a-masters-minimal-example-com.latest_version - } - max_instance_lifetime = 0 - max_size = 1 - metrics_granularity = "1Minute" - min_size = 1 - name = "master-us-test-1a.masters.minimal.example.com" - protect_from_scale_in = false - tag { - key = "KubernetesCluster" - propagate_at_launch = true - value = "minimal.example.com" - } - tag { - key = "Name" - propagate_at_launch = true - value = "master-us-test-1a.masters.minimal.example.com" - } - tag { - key = "aws-node-termination-handler/managed" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/role/control-plane" - propagate_at_launch = true - value = "1" - } - tag { - key = "k8s.io/role/master" - propagate_at_launch = true - value = "1" - } - tag { - key = "kops.k8s.io/instancegroup" - propagate_at_launch = true - value = "master-us-test-1a" - } - tag { - key = "kubernetes.io/cluster/minimal.example.com" - propagate_at_launch = true - value = "owned" - } - vpc_zone_identifier = [aws_subnet.us-test-1a-minimal-example-com.id] -} - -resource "aws_autoscaling_group" "nodes-minimal-example-com" { - enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"] - launch_template { - id = aws_launch_template.nodes-minimal-example-com.id - version = aws_launch_template.nodes-minimal-example-com.latest_version - } - max_instance_lifetime = 0 - max_size = 2 - metrics_granularity = "1Minute" - min_size = 2 - name = "nodes.minimal.example.com" - protect_from_scale_in = false - tag { - key = "KubernetesCluster" - propagate_at_launch = true - value = "minimal.example.com" - } - tag { - key = "Name" - propagate_at_launch = true - value = "nodes.minimal.example.com" - } - tag { - key = "aws-node-termination-handler/managed" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" - propagate_at_launch = true - value = "" - } - tag { - key = "k8s.io/role/node" - propagate_at_launch = true - value = "1" - } - tag { - key = "kops.k8s.io/instancegroup" - propagate_at_launch = true - value = "nodes" - } - tag { - key = "kubernetes.io/cluster/minimal.example.com" - propagate_at_launch = true - value = "owned" - } - vpc_zone_identifier = [aws_subnet.us-test-1a-minimal-example-com.id] -} - -resource "aws_autoscaling_lifecycle_hook" "master-us-test-1a-NTHLifecycleHook" { - autoscaling_group_name = aws_autoscaling_group.master-us-test-1a-masters-minimal-example-com.id - default_result = "CONTINUE" - heartbeat_timeout = 300 - lifecycle_transition = "autoscaling:EC2_INSTANCE_TERMINATING" - name = "master-us-test-1a-NTHLifecycleHook" -} - -resource "aws_autoscaling_lifecycle_hook" "nodes-NTHLifecycleHook" { - autoscaling_group_name = aws_autoscaling_group.nodes-minimal-example-com.id - default_result = "CONTINUE" - heartbeat_timeout = 300 - lifecycle_transition = "autoscaling:EC2_INSTANCE_TERMINATING" - name = "nodes-NTHLifecycleHook" -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-ASGLifecycle" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern") - name = "minimal.example.com-ASGLifecycle" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-ASGLifecycle" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-InstanceScheduledChange" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern") - name = "minimal.example.com-InstanceScheduledChange" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-InstanceScheduledChange" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-InstanceStateChange" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern") - name = "minimal.example.com-InstanceStateChange" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-InstanceStateChange" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_rule" "minimal-example-com-SpotInterruption" { - event_pattern = file("${path.module}/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern") - name = "minimal.example.com-SpotInterruption" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com-SpotInterruption" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-ASGLifecycle-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-ASGLifecycle.id -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-InstanceScheduledChange-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-InstanceScheduledChange.id -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-InstanceStateChange-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-InstanceStateChange.id -} - -resource "aws_cloudwatch_event_target" "minimal-example-com-SpotInterruption-Target" { - arn = aws_sqs_queue.minimal-example-com-nth.arn - rule = aws_cloudwatch_event_rule.minimal-example-com-SpotInterruption.id -} - -resource "aws_ebs_volume" "us-test-1a-etcd-events-minimal-example-com" { - availability_zone = "us-test-1a" - encrypted = false - iops = 3000 - size = 20 - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "us-test-1a.etcd-events.minimal.example.com" - "k8s.io/etcd/events" = "us-test-1a/us-test-1a" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - throughput = 125 - type = "gp3" -} - -resource "aws_ebs_volume" "us-test-1a-etcd-main-minimal-example-com" { - availability_zone = "us-test-1a" - encrypted = false - iops = 3000 - size = 20 - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "us-test-1a.etcd-main.minimal.example.com" - "k8s.io/etcd/main" = "us-test-1a/us-test-1a" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - throughput = 125 - type = "gp3" -} - -resource "aws_iam_instance_profile" "masters-minimal-example-com" { - name = "masters.minimal.example.com" - role = aws_iam_role.masters-minimal-example-com.name - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "masters.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_instance_profile" "nodes-minimal-example-com" { - name = "nodes.minimal.example.com" - role = aws_iam_role.nodes-minimal-example-com.name - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_openid_connect_provider" "minimal-example-com" { - client_id_list = ["amazonaws.com"] - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - thumbprint_list = ["9e99a48a9960b14926bb7f3b02e22da2b0ab7280", "a9d53002e97e00e043244f3d170d6f4c414104fd"] - url = "https://discovery.example.com/minimal.example.com" -} - -resource "aws_iam_role" "aws-cloud-controller-manager-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy") - name = "aws-cloud-controller-manager.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "aws-cloud-controller-manager.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "aws-cloud-controller-manager" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "aws-load-balancer-controller-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy") - name = "aws-load-balancer-controller.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "aws-load-balancer-controller.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "aws-load-balancer-controller" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "aws-node-termination-handler-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy") - name = "aws-node-termination-handler.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "aws-node-termination-handler.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "aws-node-termination-handler" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "cluster-autoscaler-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_cluster-autoscaler.kube-system.sa.minimal.example.com_policy") - name = "cluster-autoscaler.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "cluster-autoscaler.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "cluster-autoscaler" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "dns-controller-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_dns-controller.kube-system.sa.minimal.example.com_policy") - name = "dns-controller.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "dns-controller.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "dns-controller" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "ebs-csi-controller-sa-kube-system-sa-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy") - name = "ebs-csi-controller-sa.kube-system.sa.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "ebs-csi-controller-sa.kube-system.sa.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "service-account.kops.k8s.io/name" = "ebs-csi-controller-sa" - "service-account.kops.k8s.io/namespace" = "kube-system" - } -} - -resource "aws_iam_role" "masters-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_masters.minimal.example.com_policy") - name = "masters.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "masters.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_role" "nodes-minimal-example-com" { - assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.minimal.example.com_policy") - name = "nodes.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_iam_role_policy" "aws-cloud-controller-manager-kube-system-sa-minimal-example-com" { - name = "aws-cloud-controller-manager.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_aws-cloud-controller-manager.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.aws-cloud-controller-manager-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "aws-load-balancer-controller-kube-system-sa-minimal-example-com" { - name = "aws-load-balancer-controller.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_aws-load-balancer-controller.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.aws-load-balancer-controller-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "aws-node-termination-handler-kube-system-sa-minimal-example-com" { - name = "aws-node-termination-handler.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_aws-node-termination-handler.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.aws-node-termination-handler-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "cluster-autoscaler-kube-system-sa-minimal-example-com" { - name = "cluster-autoscaler.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_cluster-autoscaler.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.cluster-autoscaler-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "dns-controller-kube-system-sa-minimal-example-com" { - name = "dns-controller.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_dns-controller.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.dns-controller-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "ebs-csi-controller-sa-kube-system-sa-minimal-example-com" { - name = "ebs-csi-controller-sa.kube-system.sa.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy") - role = aws_iam_role.ebs-csi-controller-sa-kube-system-sa-minimal-example-com.name -} - -resource "aws_iam_role_policy" "masters-minimal-example-com" { - name = "masters.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_masters.minimal.example.com_policy") - role = aws_iam_role.masters-minimal-example-com.name -} - -resource "aws_iam_role_policy" "nodes-minimal-example-com" { - name = "nodes.minimal.example.com" - policy = file("${path.module}/data/aws_iam_role_policy_nodes.minimal.example.com_policy") - role = aws_iam_role.nodes-minimal-example-com.name -} - -resource "aws_internet_gateway" "minimal-example-com" { - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_key_pair" "kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157" { - key_name = "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57" - public_key = file("${path.module}/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key") - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { - block_device_mappings { - device_name = "/dev/xvda" - ebs { - delete_on_termination = true - encrypted = true - iops = 3000 - throughput = 125 - volume_size = 64 - volume_type = "gp3" - } - } - block_device_mappings { - device_name = "/dev/sdc" - virtual_name = "ephemeral0" - } - iam_instance_profile { - name = aws_iam_instance_profile.masters-minimal-example-com.id - } - image_id = "ami-12345678" - instance_type = "m3.medium" - key_name = aws_key_pair.kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id - lifecycle { - create_before_destroy = true - } - metadata_options { - http_endpoint = "enabled" - http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 1 - http_tokens = "optional" - } - monitoring { - enabled = false - } - name = "master-us-test-1a.masters.minimal.example.com" - network_interfaces { - associate_public_ip_address = true - delete_on_termination = true - ipv6_address_count = 0 - security_groups = [aws_security_group.masters-minimal-example-com.id] - } - tag_specifications { - resource_type = "instance" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "master-us-test-1a.masters.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tag_specifications { - resource_type = "volume" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "master-us-test-1a.masters.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "master-us-test-1a.masters.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" - "k8s.io/role/control-plane" = "1" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - user_data = filebase64("${path.module}/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data") -} - -resource "aws_launch_template" "nodes-minimal-example-com" { - block_device_mappings { - device_name = "/dev/xvda" - ebs { - delete_on_termination = true - encrypted = true - iops = 3000 - throughput = 125 - volume_size = 128 - volume_type = "gp3" - } - } - iam_instance_profile { - name = aws_iam_instance_profile.nodes-minimal-example-com.id - } - image_id = "ami-12345678" - instance_type = "t2.medium" - key_name = aws_key_pair.kubernetes-minimal-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id - lifecycle { - create_before_destroy = true - } - metadata_options { - http_endpoint = "enabled" - http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 1 - http_tokens = "optional" - } - monitoring { - enabled = false - } - name = "nodes.minimal.example.com" - network_interfaces { - associate_public_ip_address = true - delete_on_termination = true - ipv6_address_count = 0 - security_groups = [aws_security_group.nodes-minimal-example-com.id] - } - tag_specifications { - resource_type = "instance" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tag_specifications { - resource_type = "volume" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - } - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "aws-node-termination-handler/managed" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - user_data = filebase64("${path.module}/data/aws_launch_template_nodes.minimal.example.com_user_data") -} - -resource "aws_route" "route-0-0-0-0--0" { - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.minimal-example-com.id - route_table_id = aws_route_table.minimal-example-com.id -} - -resource "aws_route" "route-__--0" { - destination_ipv6_cidr_block = "::/0" - gateway_id = aws_internet_gateway.minimal-example-com.id - route_table_id = aws_route_table.minimal-example-com.id -} - -resource "aws_route_table" "minimal-example-com" { - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "kubernetes.io/kops/role" = "public" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_route_table_association" "us-test-1a-minimal-example-com" { - route_table_id = aws_route_table.minimal-example-com.id - subnet_id = aws_subnet.us-test-1a-minimal-example-com.id -} - -resource "aws_s3_object" "cluster-completed-spec" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_cluster-completed.spec_content") - key = "clusters.example.com/minimal.example.com/cluster-completed.spec" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "discovery-json" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_discovery.json_content") - key = "discovery.example.com/minimal.example.com/.well-known/openid-configuration" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "etcd-cluster-spec-events" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_etcd-cluster-spec-events_content") - key = "clusters.example.com/minimal.example.com/backups/etcd/events/control/etcd-cluster-spec" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "etcd-cluster-spec-main" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_etcd-cluster-spec-main_content") - key = "clusters.example.com/minimal.example.com/backups/etcd/main/control/etcd-cluster-spec" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "keys-json" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_keys.json_content") - key = "discovery.example.com/minimal.example.com/openid/v1/jwks" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "kops-version-txt" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_kops-version.txt_content") - key = "clusters.example.com/minimal.example.com/kops-version.txt" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "manifests-etcdmanager-events-master-us-test-1a" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content") - key = "clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "manifests-etcdmanager-main-master-us-test-1a" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content") - key = "clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "manifests-static-kube-apiserver-healthcheck" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content") - key = "clusters.example.com/minimal.example.com/manifests/static/kube-apiserver-healthcheck.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-aws-cloud-controller-addons-k8s-io-k8s-1-18" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content") - key = "clusters.example.com/minimal.example.com/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-aws-ebs-csi-driver-addons-k8s-io-k8s-1-17" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content") - key = "clusters.example.com/minimal.example.com/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-aws-load-balancer-controller-addons-k8s-io-k8s-1-19" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-aws-load-balancer-controller.addons.k8s.io-k8s-1.19_content") - key = "clusters.example.com/minimal.example.com/addons/aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-bootstrap" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-bootstrap_content") - key = "clusters.example.com/minimal.example.com/addons/bootstrap-channel.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-certmanager-io-k8s-1-16" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-certmanager.io-k8s-1.16_content") - key = "clusters.example.com/minimal.example.com/addons/certmanager.io/k8s-1.16.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-cluster-autoscaler-addons-k8s-io-k8s-1-15" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content") - key = "clusters.example.com/minimal.example.com/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-coredns-addons-k8s-io-k8s-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content") - key = "clusters.example.com/minimal.example.com/addons/coredns.addons.k8s.io/k8s-1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-dns-controller-addons-k8s-io-k8s-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content") - key = "clusters.example.com/minimal.example.com/addons/dns-controller.addons.k8s.io/k8s-1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-kops-controller-addons-k8s-io-k8s-1-16" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content") - key = "clusters.example.com/minimal.example.com/addons/kops-controller.addons.k8s.io/k8s-1.16.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-kubelet-api-rbac-addons-k8s-io-k8s-1-9" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content") - key = "clusters.example.com/minimal.example.com/addons/kubelet-api.rbac.addons.k8s.io/k8s-1.9.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-limit-range-addons-k8s-io" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content") - key = "clusters.example.com/minimal.example.com/addons/limit-range.addons.k8s.io/v1.5.0.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-metrics-server-addons-k8s-io-k8s-1-11" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content") - key = "clusters.example.com/minimal.example.com/addons/metrics-server.addons.k8s.io/k8s-1.11.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-networking-amazon-vpc-routed-eni-k8s-1-16" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-networking.amazon-vpc-routed-eni-k8s-1.16_content") - key = "clusters.example.com/minimal.example.com/addons/networking.amazon-vpc-routed-eni/k8s-1.16.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-node-termination-handler-aws-k8s-1-11" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content") - key = "clusters.example.com/minimal.example.com/addons/node-termination-handler.aws/k8s-1.11.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-nodelocaldns-addons-k8s-io-k8s-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-nodelocaldns.addons.k8s.io-k8s-1.12_content") - key = "clusters.example.com/minimal.example.com/addons/nodelocaldns.addons.k8s.io/k8s-1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-snapshot-controller-addons-k8s-io-k8s-1-20" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-snapshot-controller.addons.k8s.io-k8s-1.20_content") - key = "clusters.example.com/minimal.example.com/addons/snapshot-controller.addons.k8s.io/k8s-1.20.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "minimal-example-com-addons-storage-aws-addons-k8s-io-v1-15-0" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content") - key = "clusters.example.com/minimal.example.com/addons/storage-aws.addons.k8s.io/v1.15.0.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "nodeupconfig-master-us-test-1a" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_nodeupconfig-master-us-test-1a_content") - key = "clusters.example.com/minimal.example.com/igconfig/control-plane/master-us-test-1a/nodeupconfig.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_s3_object" "nodeupconfig-nodes" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_nodeupconfig-nodes_content") - key = "clusters.example.com/minimal.example.com/igconfig/node/nodes/nodeupconfig.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - -resource "aws_security_group" "masters-minimal-example-com" { - description = "Security group for masters" - name = "masters.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "masters.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_security_group" "nodes-minimal-example-com" { - description = "Security group for nodes" - name = "nodes.minimal.example.com" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "nodes.minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-masters-minimal-example-com" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 22 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 22 - type = "ingress" -} - -resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-22to22-nodes-minimal-example-com" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 22 - protocol = "tcp" - security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 22 - type = "ingress" -} - -resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-masters-minimal-example-com" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 443 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 443 - type = "ingress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-egress-all-0to0-0-0-0-0--0" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-egress-all-0to0-__--0" { - from_port = 0 - ipv6_cidr_blocks = ["::/0"] - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-masters-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - source_security_group_id = aws_security_group.masters-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-egress-all-0to0-0-0-0-0--0" { - cidr_blocks = ["0.0.0.0/0"] - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-egress-all-0to0-__--0" { - from_port = 0 - ipv6_cidr_blocks = ["::/0"] - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "egress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-all-0to0-masters-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-all-0to0-nodes-minimal-example-com" { - from_port = 0 - protocol = "-1" - security_group_id = aws_security_group.nodes-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 0 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-1to2379-masters-minimal-example-com" { - from_port = 1 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 2379 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-2382to4000-masters-minimal-example-com" { - from_port = 2382 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 4000 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-tcp-4003to65535-masters-minimal-example-com" { - from_port = 4003 - protocol = "tcp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 65535 - type = "ingress" -} - -resource "aws_security_group_rule" "from-nodes-minimal-example-com-ingress-udp-1to65535-masters-minimal-example-com" { - from_port = 1 - protocol = "udp" - security_group_id = aws_security_group.masters-minimal-example-com.id - source_security_group_id = aws_security_group.nodes-minimal-example-com.id - to_port = 65535 - type = "ingress" -} - -resource "aws_sqs_queue" "minimal-example-com-nth" { - message_retention_seconds = 300 - name = "minimal-example-com-nth" - policy = file("${path.module}/data/aws_sqs_queue_minimal-example-com-nth_policy") - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal-example-com-nth" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_subnet" "us-test-1a-minimal-example-com" { - availability_zone = "us-test-1a" - cidr_block = "172.20.32.0/19" - enable_resource_name_dns_a_record_on_launch = true - private_dns_hostname_type_on_launch = "resource-name" - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "us-test-1a.minimal.example.com" - "SubnetType" = "Public" - "kubernetes.io/cluster/minimal.example.com" = "owned" - "kubernetes.io/role/elb" = "1" - "kubernetes.io/role/internal-elb" = "1" - } - vpc_id = aws_vpc.minimal-example-com.id -} - -resource "aws_vpc" "minimal-example-com" { - assign_generated_ipv6_cidr_block = true - cidr_block = "172.20.0.0/16" - enable_dns_hostnames = true - enable_dns_support = true - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_vpc_dhcp_options" "minimal-example-com" { - domain_name = "us-test-1.compute.internal" - domain_name_servers = ["AmazonProvidedDNS"] - tags = { - "KubernetesCluster" = "minimal.example.com" - "Name" = "minimal.example.com" - "kubernetes.io/cluster/minimal.example.com" = "owned" - } -} - -resource "aws_vpc_dhcp_options_association" "minimal-example-com" { - dhcp_options_id = aws_vpc_dhcp_options.minimal-example-com.id - vpc_id = aws_vpc.minimal-example-com.id -} - -terraform { - required_version = ">= 0.15.0" - required_providers { - aws = { - "configuration_aliases" = [aws.files] - "source" = "hashicorp/aws" - "version" = ">= 5.0.0" - } - } -} diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 9af0407f43..5d45c63144 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: HH8aRPUhTNryZhNJjTS2WyV7pknrCKOputT0hsP6zhE= +NodeupConfigHash: CCWUMNqGuVfITz/0kru71whAP0nxzYrnga6a/Rw0K40= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_nodes.minimal.example.com_user_data index d07e053bbf..cba14213d9 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: NHK9Yo7WiTTs4Qyubod93kDSK9juC3Eohviy4hytfEA= +NodeupConfigHash: ZM27eswIGASeycbkw13naZ3DO3MVAltzBMqxGoYg4uQ= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_cluster-completed.spec_content index c583196950..39d32c55a9 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_cluster-completed.spec_content @@ -24,7 +24,7 @@ spec: clusterCIDR: 172.20.128.0/17 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -35,7 +35,7 @@ spec: enabled: true expander: random ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 maxNodeProvisionTime: 15m0s newPodScaleUpDelay: 0s scaleDownDelayAfterAdd: 10m0s @@ -50,8 +50,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -101,10 +101,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -130,10 +127,7 @@ spec: clusterCIDR: 172.20.128.0/17 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -154,13 +148,10 @@ spec: serverIP: 100.64.0.10 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -173,9 +164,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -186,7 +174,7 @@ spec: shutdownGracePeriodCriticalPods: 0s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -196,9 +184,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index c5e3560adf..471407e633 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index be80061b0c..547e3ca87f 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.15 manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: 45d2bf5133e21bd182463572db9f524648214e3123c8273609d0112cd9ca925a + manifestHash: d5dcf7453514dd91793ba54ba4e6f1324e6950474124da5cb6b9a5d710770970 name: cluster-autoscaler.addons.k8s.io selector: k8s-addon: cluster-autoscaler.addons.k8s.io @@ -186,7 +186,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 334f09c00a6de13f41e42f92d2e82a4fa6e49379bc3ce447cfa30cf489dcdb2d + manifestHash: e380fd16dbd03fc2001fcf8e5ff7eebefa2e37b377e475daed57ff2e5923415d name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content index 8ee1951ec6..cf06945978 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content @@ -334,6 +334,7 @@ spec: - --nodes=2:2:nodes.minimal.example.com - --ignore-daemonsets-utilization=false - --scale-down-utilization-threshold=0.5 + - --skip-nodes-with-custom-controller-pods=true - --skip-nodes-with-local-storage=true - --skip-nodes-with-system-pods=true - --scale-down-delay-after-add=10m0s @@ -348,7 +349,7 @@ spec: env: - name: AWS_REGION value: us-test-1 - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510..4aa1194f1e 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index d0069d3821..21240dc87e 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -27,10 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -60,19 +57,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 172.20.128.0/17 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -280,7 +273,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -291,9 +284,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -308,7 +298,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 0s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: amazonVPC: {} nonMasqueradeCIDR: 172.20.0.0/16 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-nodes_content index fdeb11e6aa..67bc78208d 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -23,7 +25,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -34,9 +36,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 0s shutdownGracePeriodCriticalPods: 0s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: amazonVPC: {} nonMasqueradeCIDR: 172.20.0.0/16 @@ -56,7 +55,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm/in-v1alpha2.yaml b/tests/integration/update_cluster/many-addons-ccm/in-v1alpha2.yaml index a4a667110a..8d3e4360ef 100644 --- a/tests/integration/update_cluster/many-addons-ccm/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/many-addons-ccm/in-v1alpha2.yaml @@ -35,7 +35,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/many-addons-ccm/kubernetes.tf b/tests/integration/update_cluster/many-addons-ccm/kubernetes.tf index 7d570b6a0f..50f3723d29 100644 --- a/tests/integration/update_cluster/many-addons-ccm/kubernetes.tf +++ b/tests/integration/update_cluster/many-addons-ccm/kubernetes.tf @@ -435,7 +435,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -517,7 +517,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_cluster-completed.spec_content index e62f20dfe8..3ac4fcc747 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_cluster-completed.spec_content @@ -35,7 +35,7 @@ spec: enabled: true expander: random ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 maxNodeProvisionTime: 15m0s newPodScaleUpDelay: 0s scaleDownDelayAfterAdd: 10m0s @@ -50,8 +50,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -106,7 +106,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -132,7 +132,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -154,10 +154,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -182,7 +182,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index bee60d223c..6fbc8d2630 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.15 manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: a60534cf6f674d86d17a32490fef182ebf5d821523402ea8cbb1d589eaec5031 + manifestHash: 7aaa72ea23224ce59b6009ea711f2cc50f20279aa586e7aa1f75961f990f103b name: cluster-autoscaler.addons.k8s.io selector: k8s-addon: cluster-autoscaler.addons.k8s.io @@ -124,13 +124,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 3c55d971edba1793b82df1a202b0f429a778f2f4f8294c010d7a4fb7aca70c8b diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content index c965962623..c4a9bce366 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content @@ -333,6 +333,7 @@ spec: - --nodes=1:1:https://www.googleapis.com/compute/v1/projects/testproject/zones/us-test1-a/instanceGroups/a-nodes-minimal-example-com - --ignore-daemonsets-utilization=false - --scale-down-utilization-threshold=0.5 + - --skip-nodes-with-custom-controller-pods=true - --skip-nodes-with-local-storage=true - --skip-nodes-with-system-pods=true - --scale-down-delay-after-add=10m0s @@ -344,7 +345,7 @@ spec: - --logtostderr=true - --stderrthreshold=info - --v=4 - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb88..0000000000 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_minimal.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index f6af3d3730..1fbf3d31ff 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -27,7 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -57,23 +57,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,13 +241,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -276,7 +278,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -302,7 +304,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -315,8 +317,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-nodes_content index 8e74ebe3ce..c50e433be8 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/many-addons-gce/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_master-us-test1-a-minimal-example-com_metadata_user-data b/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_master-us-test1-a-minimal-example-com_metadata_user-data index a6656454b5..e185420365 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_master-us-test1-a-minimal-example-com_metadata_user-data +++ b/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_master-us-test1-a-minimal-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://tests/minimal.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: NVq2buFLXmvajoLs0UdorRuSJQXVkNbMK6MqpAP6kso= +NodeupConfigHash: ewxl47dOjxDfCDhbhBwKfWRgGoGyVj72YVK/+VuMGIY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_nodes-minimal-example-com_metadata_user-data b/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_nodes-minimal-example-com_metadata_user-data index 6581d3a60a..a9832f4988 100644 --- a/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_nodes-minimal-example-com_metadata_user-data +++ b/tests/integration/update_cluster/many-addons-gce/data/google_compute_instance_template_nodes-minimal-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: sHL0VmYL4D2ViGwzpr3tatLQ8udKJAjOz2ixNuMw7sk= +NodeupConfigHash: Co9Ghp9TWWSVazeT2W/5VjT7AOCP9LmWYphZMnNXsws= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-gce/in-v1alpha2.yaml b/tests/integration/update_cluster/many-addons-gce/in-v1alpha2.yaml index 6e3e3938a6..3cb448ccf4 100644 --- a/tests/integration/update_cluster/many-addons-gce/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/many-addons-gce/in-v1alpha2.yaml @@ -38,7 +38,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/many-addons-gce/kubernetes.tf b/tests/integration/update_cluster/many-addons-gce/kubernetes.tf index fb65ca1415..fb9ef224d1 100644 --- a/tests/integration/update_cluster/many-addons-gce/kubernetes.tf +++ b/tests/integration/update_cluster/many-addons-gce/kubernetes.tf @@ -162,14 +162,6 @@ resource "aws_s3_object" "minimal-example-com-addons-limit-range-addons-k8s-io" server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-example-com-addons-metrics-server-addons-k8s-io-k8s-1-11" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-metrics-server.addons.k8s.io-k8s-1.11_content") diff --git a/tests/integration/update_cluster/many-addons/data/aws_launch_template_master-us-test-1a.masters.many-addons.example.com_user_data b/tests/integration/update_cluster/many-addons/data/aws_launch_template_master-us-test-1a.masters.many-addons.example.com_user_data index ebc4c1c32c..465587e390 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_launch_template_master-us-test-1a.masters.many-addons.example.com_user_data +++ b/tests/integration/update_cluster/many-addons/data/aws_launch_template_master-us-test-1a.masters.many-addons.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: many-addons.example.com ConfigBase: memfs://tests/many-addons.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: zLx1J+fYujAlGPU4Lev+ai7Cqn2znIhMKaZUFp2d/no= +NodeupConfigHash: I1PVBbGzfntcfKT5S0aAQJ5HtQt3TmMM9MyOfffwBhg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons/data/aws_launch_template_nodes.many-addons.example.com_user_data b/tests/integration/update_cluster/many-addons/data/aws_launch_template_nodes.many-addons.example.com_user_data index e57b09478e..865708ceb6 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_launch_template_nodes.many-addons.example.com_user_data +++ b/tests/integration/update_cluster/many-addons/data/aws_launch_template_nodes.many-addons.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.many-addons.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: pGIQIvt5m7LMeo+3mPovrkk9GcKMBDkKSpjxohT+8XM= +NodeupConfigHash: 5cEYwIVLyIe4gfon/kCYft4IoiCgkmvWIVJqCOIdfkc= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_cluster-completed.spec_content index f222beddf7..d0803dbb02 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_cluster-completed.spec_content @@ -24,7 +24,7 @@ spec: clusterCIDR: 172.20.128.0/17 clusterName: many-addons.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -35,7 +35,7 @@ spec: enabled: true expander: random ignoreDaemonSetsUtilization: false - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 maxNodeProvisionTime: 15m0s newPodScaleUpDelay: 0s podAnnotations: @@ -52,8 +52,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -103,10 +103,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -132,10 +129,7 @@ spec: clusterCIDR: 172.20.128.0/17 clusterName: many-addons.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -156,13 +150,10 @@ spec: serverIP: 100.64.0.10 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -175,9 +166,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -188,7 +176,7 @@ spec: shutdownGracePeriodCriticalPods: 0s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -198,9 +186,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 51fff433ed..1ba2ed63c5 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content index 71dd7584f5..32a4e51c20 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 71a012ed60039621b6a6fd395d82076e3ca157dd101287f612c46256b2a06f72 + manifestHash: dc90792d93e32f23cb13d0621c4837e6339f7f434801a4294006539693199550 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -41,7 +41,7 @@ spec: version: 9.99.0 - id: k8s-1.15 manifest: cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml - manifestHash: 44be0298541ea2f643250d74df219ea0846304d14bbb49529773830e028106e9 + manifestHash: bb64e4cd537511ccc8275e6e20cc77d1410916ac81325ec0e4e2f05462bde200 name: cluster-autoscaler.addons.k8s.io selector: k8s-addon: cluster-autoscaler.addons.k8s.io @@ -235,7 +235,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 587b5a63fa85504fa2b5bf9a32133467131f46aa47812e5862126f8a080046f8 + manifestHash: 1b5b7422b12e6e018629f38ead12d89df5d46e5ee4e7f1cbb56b5c0d67ed02e3 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content index 8d447eee7a..d838422903 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-cluster-autoscaler.addons.k8s.io-k8s-1.15_content @@ -335,6 +335,7 @@ spec: - --nodes=2:2:nodes.many-addons.example.com - --ignore-daemonsets-utilization=false - --scale-down-utilization-threshold=0.5 + - --skip-nodes-with-custom-controller-pods=true - --skip-nodes-with-local-storage=true - --skip-nodes-with-system-pods=true - --scale-down-delay-after-add=10m0s @@ -349,7 +350,7 @@ spec: env: - name: AWS_REGION value: us-test-1 - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.26.8 + image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 1f60443481..a6eb8edb19 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_many-addons.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 9d27f90c06..81ab86e51f 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -27,10 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -60,19 +57,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 172.20.128.0/17 clusterName: many-addons.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -280,7 +273,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -291,9 +284,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -308,7 +298,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 0s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: amazonVPC: {} nonMasqueradeCIDR: 172.20.0.0/16 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/many-addons.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://tests/many-addons.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-nodes_content index 46a98242bf..00cd1ee17a 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/many-addons/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -23,7 +25,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -34,9 +36,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 0s shutdownGracePeriodCriticalPods: 0s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: amazonVPC: {} nonMasqueradeCIDR: 172.20.0.0/16 @@ -56,7 +55,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons/in-v1alpha2.yaml b/tests/integration/update_cluster/many-addons/in-v1alpha2.yaml index 9a857149c6..392bf725ef 100644 --- a/tests/integration/update_cluster/many-addons/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/many-addons/in-v1alpha2.yaml @@ -36,7 +36,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.many-addons.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/many-addons/kubernetes.tf b/tests/integration/update_cluster/many-addons/kubernetes.tf index 3040e8911f..ceb03fd1bd 100644 --- a/tests/integration/update_cluster/many-addons/kubernetes.tf +++ b/tests/integration/update_cluster/many-addons/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-many-addons-example-co http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-many-addons-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern b/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern deleted file mode 100644 index c8db9dbe9c..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source":["aws.autoscaling"],"detail-type":["EC2 Instance-terminate Lifecycle Action"]} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern b/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern deleted file mode 100644 index fb4ea7defd..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source": ["aws.health"],"detail-type": ["AWS Health Event"],"detail": {"service": ["EC2"],"eventTypeCategory": ["scheduledChange"]}} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern b/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern deleted file mode 100644 index 8c2916419d..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source": ["aws.ec2"],"detail-type": ["EC2 Instance State-change Notification"]} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern b/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern deleted file mode 100644 index 2d0e83b416..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source": ["aws.ec2"],"detail-type": ["EC2 Spot Instance Interruption Warning"]} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_masters.minimal.example.com_policy deleted file mode 100644 index 66d5de1d5a..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_masters.minimal.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_nodes.minimal.example.com_policy deleted file mode 100644 index 66d5de1d5a..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_nodes.minimal.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key b/tests/integration/update_cluster/minimal-1.25/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key deleted file mode 100644 index 81cb012783..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ== diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_nodes.minimal.example.com_user_data deleted file mode 100644 index 0813a4d05f..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_nodes.minimal.example.com_user_data +++ /dev/null @@ -1,161 +0,0 @@ -#!/bin/bash -set -o errexit -set -o nounset -set -o pipefail - -NODEUP_URL_AMD64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-amd64 -NODEUP_HASH_AMD64=585fbda0f0a43184656b4bfc0cc5f0c0b85612faf43b8816acca1f99d422c924 -NODEUP_URL_ARM64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-arm64 -NODEUP_HASH_ARM64=7603675379699105a9b9915ff97718ea99b1bbb01a4c184e2f827c8a96e8e865 - -export AWS_REGION=us-test-1 - - - - -sysctl -w net.core.rmem_max=16777216 || true -sysctl -w net.core.wmem_max=16777216 || true -sysctl -w net.ipv4.tcp_rmem='4096 87380 16777216' || true -sysctl -w net.ipv4.tcp_wmem='4096 87380 16777216' || true - - -function ensure-install-dir() { - INSTALL_DIR="/opt/kops" - # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec - if [[ -d /var/lib/toolbox ]]; then - INSTALL_DIR="/var/lib/toolbox/kops" - fi - mkdir -p ${INSTALL_DIR}/bin - mkdir -p ${INSTALL_DIR}/conf - cd ${INSTALL_DIR} -} - -# Retry a download until we get it. args: name, sha, urls -download-or-bust() { - echo "== Downloading $1 with hash $2 from $3 ==" - local -r file="$1" - local -r hash="$2" - local -a urls - mapfile -t urls < <(split-commas "$3") - - if [[ -f "${file}" ]]; then - if ! validate-hash "${file}" "${hash}"; then - rm -f "${file}" - else - return 0 - fi - fi - - while true; do - for url in "${urls[@]}"; do - commands=( - "curl -f --compressed -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget --compression=auto -O ${file} --connect-timeout=20 --tries=6 --wait=10" - "curl -f -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget -O ${file} --connect-timeout=20 --tries=6 --wait=10" - ) - for cmd in "${commands[@]}"; do - echo "== Downloading ${url} using ${cmd} ==" - if ! (${cmd} "${url}"); then - echo "== Failed to download ${url} using ${cmd} ==" - continue - fi - if ! validate-hash "${file}" "${hash}"; then - echo "== Failed to validate hash for ${url} ==" - rm -f "${file}" - else - echo "== Downloaded ${url} with hash ${hash} ==" - return 0 - fi - done - done - - echo "== All downloads failed; sleeping before retrying ==" - sleep 60 - done -} - -validate-hash() { - local -r file="$1" - local -r expected="$2" - local actual - - actual=$(sha256sum "${file}" | awk '{ print $1 }') || true - if [[ "${actual}" != "${expected}" ]]; then - echo "== File ${file} is corrupted; hash ${actual} doesn't match expected ${expected} ==" - return 1 - fi -} - -function split-commas() { - echo "$1" | tr "," "\n" -} - -function download-release() { - case "$(uname -m)" in - x86_64*|i?86_64*|amd64*) - NODEUP_URL="${NODEUP_URL_AMD64}" - NODEUP_HASH="${NODEUP_HASH_AMD64}" - ;; - aarch64*|arm64*) - NODEUP_URL="${NODEUP_URL_ARM64}" - NODEUP_HASH="${NODEUP_HASH_ARM64}" - ;; - *) - echo "Unsupported host arch: $(uname -m)" >&2 - exit 1 - ;; - esac - - cd ${INSTALL_DIR}/bin - download-or-bust nodeup "${NODEUP_HASH}" "${NODEUP_URL}" - - chmod +x nodeup - - echo "== Running nodeup ==" - # We can't run in the foreground because of https://github.com/docker/docker/issues/23793 - ( cd ${INSTALL_DIR}/bin; ./nodeup --install-systemd-unit --conf=${INSTALL_DIR}/conf/kube_env.yaml --v=8 ) -} - -#################################################################################### - -/bin/systemd-machine-id-setup || echo "== Failed to initialize the machine ID; ensure machine-id configured ==" - -echo "== nodeup node config starting ==" -ensure-install-dir - -cat > conf/kube_env.yaml << '__EOF_KUBE_ENV' -CloudProvider: aws -ClusterName: minimal.example.com -ConfigServer: - CACertificates: | - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANqBD8NSD82AUSMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwODAwWhcNMzEwNzA3MDcw - ODAwWjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBANFI3zr0Tk8krsW8vwjfMpzJOlWQ8616vG3YPa2qAgI7V4oKwfV0yIg1 - jt+H6f4P/wkPAPTPTfRp9Iy8oHEEFw0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNG3zVjTcLlJwDsJ4/K9DV7KohUA - MA0GCSqGSIb3DQEBCwUAA0EAB8d03fY2w7WKpfO29qI295pu2C4ca9AiVGOpgSc8 - tmQsq6rcxt3T+rb589PVtz0mw/cKTxOk6gH2CCC+yHfy2w== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANvmSa0OAlYmXKMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwOTM2WhcNMzEwNzA3MDcw - OTM2WjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBAMF6F4aZdpe0RUpyykaBpWwZCnwbffhYGOw+fs6RdLuUq7QCNmJm/Eq7 - WWOziMYDiI9SbclpD+6QiJ0N3EqppVUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLImp6ARjPDAH6nhI+scWVt3Q9bn - MA0GCSqGSIb3DQEBCwUAA0EAVQVx5MUtuAIeePuP9o51xtpT2S6Fvfi8J4ICxnlA - 9B7UD2ushcVFPtaeoL9Gfu8aY4KJBeqqg5ojl4qmRnThjw== - -----END CERTIFICATE----- - servers: - - https://kops-controller.internal.minimal.example.com:3988/ -InstanceGroupName: nodes -InstanceGroupRole: Node -NodeupConfigHash: 3zDCnF/Zr465wzcKEQpekr6B2/9LITss9ETt11GACtM= - -__EOF_KUBE_ENV - -download-release -echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-events_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-events_content deleted file mode 100644 index 432cd0d555..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-events_content +++ /dev/null @@ -1,4 +0,0 @@ -{ - "memberCount": 1, - "etcdVersion": "3.5.17" -} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-main_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-main_content deleted file mode 100644 index 432cd0d555..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_etcd-cluster-spec-main_content +++ /dev/null @@ -1,4 +0,0 @@ -{ - "memberCount": 1, - "etcdVersion": "3.5.17" -} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_kops-version.txt_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_kops-version.txt_content deleted file mode 100644 index b7340298dc..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_kops-version.txt_content +++ /dev/null @@ -1 +0,0 @@ -1.21.0-alpha.1 diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content deleted file mode 100644 index 21a36c9bb0..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null -spec: - containers: - - args: - - --ca-cert=/secrets/ca.crt - - --client-cert=/secrets/client.crt - - --client-key=/secrets/client.key - image: registry.k8s.io/kops/kube-apiserver-healthcheck:1.31.0-beta.1 - livenessProbe: - httpGet: - host: 127.0.0.1 - path: /.kube-apiserver-healthcheck/healthz - port: 3990 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: healthcheck - resources: {} - securityContext: - runAsNonRoot: true - runAsUser: 10012 - volumeMounts: - - mountPath: /secrets - name: healthcheck-secrets - readOnly: true - volumes: - - hostPath: - path: /etc/kubernetes/kube-apiserver-healthcheck/secrets - type: Directory - name: healthcheck-secrets -status: {} diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content deleted file mode 100644 index 31d86455d1..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content +++ /dev/null @@ -1,383 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/cluster-service: "true" - name: coredns - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/bootstrapping: rbac-defaults - name: system:coredns -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - namespaces - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/bootstrapping: rbac-defaults - name: system:coredns -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:coredns -subjects: -- kind: ServiceAccount - name: coredns - namespace: kube-system - ---- - -apiVersion: v1 -data: - Corefile: |- - .:53 { - errors - health { - lameduck 5s - } - ready - kubernetes cluster.local. in-addr.arpa ip6.arpa { - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - } - prometheus :9153 - forward . /etc/resolv.conf { - max_concurrent 1000 - } - cache 30 - loop - reload - loadbalance - } -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - addonmanager.kubernetes.io/mode: EnsureExists - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: CoreDNS - name: coredns - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: kube-dns - strategy: - rollingUpdate: - maxSurge: 10% - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - k8s-app: kube-dns - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - -conf - - /etc/coredns/Corefile - image: registry.k8s.io/coredns/coredns:v1.11.3 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - successThreshold: 1 - timeoutSeconds: 5 - name: coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: 8181 - scheme: HTTP - resources: - limits: - memory: 170Mi - requests: - cpu: 100m - memory: 70Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_BIND_SERVICE - drop: - - all - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /etc/coredns - name: config-volume - readOnly: true - dnsPolicy: Default - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: coredns - tolerations: - - key: CriticalAddonsOnly - operator: Exists - topologySpreadConstraints: - - labelSelector: - matchLabels: - k8s-app: kube-dns - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - k8s-app: kube-dns - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: ScheduleAnyway - volumes: - - configMap: - name: coredns - name: config-volume - ---- - -apiVersion: v1 -kind: Service -metadata: - annotations: - prometheus.io/port: "9153" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: CoreDNS - name: kube-dns - namespace: kube-system - resourceVersion: "0" -spec: - clusterIP: 100.64.0.10 - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP - - name: metrics - port: 9153 - protocol: TCP - selector: - k8s-app: kube-dns - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: kube-dns - namespace: kube-system -spec: - maxUnavailable: 50% - selector: - matchLabels: - k8s-app: kube-dns - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - replicationcontrollers/scale - verbs: - - get - - update -- apiGroups: - - extensions - - apps - resources: - - deployments/scale - - replicasets/scale - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coredns-autoscaler -subjects: -- kind: ServiceAccount - name: coredns-autoscaler - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: coredns-autoscaler - kubernetes.io/cluster-service: "true" - name: coredns-autoscaler - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: coredns-autoscaler - template: - metadata: - creationTimestamp: null - labels: - k8s-app: coredns-autoscaler - kops.k8s.io/managed-by: kops - spec: - containers: - - command: - - /cluster-proportional-autoscaler - - --namespace=kube-system - - --configmap=coredns-autoscaler - - --target=Deployment/coredns - - --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"preventSinglePointFailure":true}} - - --logtostderr=true - - --v=2 - image: registry.k8s.io/cpa/cluster-proportional-autoscaler:v1.8.9 - name: autoscaler - resources: - requests: - cpu: 20m - memory: 10Mi - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: coredns-autoscaler - tolerations: - - key: CriticalAddonsOnly - operator: Exists diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content deleted file mode 100644 index 36761e1c56..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kubelet-api.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kubelet-api.rbac.addons.k8s.io - name: kops:system:kubelet-api-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:kubelet-api-admin -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: kubelet-api diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content deleted file mode 100644 index 4dcdce48b9..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: LimitRange -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: limit-range.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: limit-range.addons.k8s.io - name: limits - namespace: default -spec: - limits: - - defaultRequest: - cpu: 100m - type: Container diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content deleted file mode 100644 index bea3e88be3..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content +++ /dev/null @@ -1,118 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: default -parameters: - type: gp2 -provisioner: kubernetes.io/aws-ebs - ---- - -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "false" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: gp2 -parameters: - type: gp2 -provisioner: kubernetes.io/aws-ebs - ---- - -allowVolumeExpansion: true -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "false" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: kops-ssd-1-17 -parameters: - encrypted: "true" - type: gp2 -provisioner: kubernetes.io/aws-ebs -volumeBindingMode: WaitForFirstConsumer - ---- - -allowVolumeExpansion: true -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: kops-csi-1-21 -parameters: - encrypted: "true" - type: gp3 -provisioner: ebs.csi.aws.com -volumeBindingMode: WaitForFirstConsumer - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: system:aws-cloud-provider -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: system:aws-cloud-provider -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:aws-cloud-provider -subjects: -- kind: ServiceAccount - name: aws-cloud-provider - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-nodes_content deleted file mode 100644 index 74d336f35e..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-nodes_content +++ /dev/null @@ -1,65 +0,0 @@ -Assets: - amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz -CAs: {} -ClusterName: minimal.example.com -Hooks: -- null -- null -InstallCNIAssets: true -KeypairIDs: - kubernetes-ca: "6982820025135291416230495506" -KubeProxy: - clusterCIDR: 100.96.0.0/11 - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 - logLevel: 2 -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - nodeLabels: - kops.k8s.io/instancegroup: nodes-us-test-1a - node-role.kubernetes.io/node: "" - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 30s - shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 -Networking: - nonMasqueradeCIDR: 100.64.0.0/10 - serviceClusterIPRange: 100.64.0.0/13 -UpdatePolicy: automatic -containerdConfig: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 -usesLegacyGossip: false -usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_sqs_queue_minimal-example-com-nth_policy b/tests/integration/update_cluster/minimal-1.25/data/aws_sqs_queue_minimal-example-com-nth_policy deleted file mode 100644 index c5b2b25812..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_sqs_queue_minimal-example-com-nth_policy +++ /dev/null @@ -1,16 +0,0 @@ -{ - "Statement": [ - { - "Action": "sqs:SendMessage", - "Effect": "Allow", - "Principal": { - "Service": [ - "events.amazonaws.com", - "sqs.amazonaws.com" - ] - }, - "Resource": "arn:aws-test:sqs:us-test-1:123456789012:minimal-example-com-nth" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/minimal-1.25/id_rsa.pub b/tests/integration/update_cluster/minimal-1.25/id_rsa.pub deleted file mode 100755 index 81cb012783..0000000000 --- a/tests/integration/update_cluster/minimal-1.25/id_rsa.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ== diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern b/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern deleted file mode 100644 index c8db9dbe9c..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source":["aws.autoscaling"],"detail-type":["EC2 Instance-terminate Lifecycle Action"]} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern b/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern deleted file mode 100644 index fb4ea7defd..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source": ["aws.health"],"detail-type": ["AWS Health Event"],"detail": {"service": ["EC2"],"eventTypeCategory": ["scheduledChange"]}} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern b/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern deleted file mode 100644 index 8c2916419d..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source": ["aws.ec2"],"detail-type": ["EC2 Instance State-change Notification"]} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern b/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern deleted file mode 100644 index 2d0e83b416..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern +++ /dev/null @@ -1 +0,0 @@ -{"source": ["aws.ec2"],"detail-type": ["EC2 Spot Instance Interruption Warning"]} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_masters.minimal.example.com_policy deleted file mode 100644 index 66d5de1d5a..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_masters.minimal.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_nodes.minimal.example.com_policy deleted file mode 100644 index 66d5de1d5a..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_nodes.minimal.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key b/tests/integration/update_cluster/minimal-1.26/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key deleted file mode 100644 index 81cb012783..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ== diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_nodes.minimal.example.com_user_data deleted file mode 100644 index 1869a13ab9..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_nodes.minimal.example.com_user_data +++ /dev/null @@ -1,161 +0,0 @@ -#!/bin/bash -set -o errexit -set -o nounset -set -o pipefail - -NODEUP_URL_AMD64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-amd64 -NODEUP_HASH_AMD64=585fbda0f0a43184656b4bfc0cc5f0c0b85612faf43b8816acca1f99d422c924 -NODEUP_URL_ARM64=https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/nodeup,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/nodeup-linux-arm64 -NODEUP_HASH_ARM64=7603675379699105a9b9915ff97718ea99b1bbb01a4c184e2f827c8a96e8e865 - -export AWS_REGION=us-test-1 - - - - -sysctl -w net.core.rmem_max=16777216 || true -sysctl -w net.core.wmem_max=16777216 || true -sysctl -w net.ipv4.tcp_rmem='4096 87380 16777216' || true -sysctl -w net.ipv4.tcp_wmem='4096 87380 16777216' || true - - -function ensure-install-dir() { - INSTALL_DIR="/opt/kops" - # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec - if [[ -d /var/lib/toolbox ]]; then - INSTALL_DIR="/var/lib/toolbox/kops" - fi - mkdir -p ${INSTALL_DIR}/bin - mkdir -p ${INSTALL_DIR}/conf - cd ${INSTALL_DIR} -} - -# Retry a download until we get it. args: name, sha, urls -download-or-bust() { - echo "== Downloading $1 with hash $2 from $3 ==" - local -r file="$1" - local -r hash="$2" - local -a urls - mapfile -t urls < <(split-commas "$3") - - if [[ -f "${file}" ]]; then - if ! validate-hash "${file}" "${hash}"; then - rm -f "${file}" - else - return 0 - fi - fi - - while true; do - for url in "${urls[@]}"; do - commands=( - "curl -f --compressed -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget --compression=auto -O ${file} --connect-timeout=20 --tries=6 --wait=10" - "curl -f -Lo ${file} --connect-timeout 20 --retry 6 --retry-delay 10" - "wget -O ${file} --connect-timeout=20 --tries=6 --wait=10" - ) - for cmd in "${commands[@]}"; do - echo "== Downloading ${url} using ${cmd} ==" - if ! (${cmd} "${url}"); then - echo "== Failed to download ${url} using ${cmd} ==" - continue - fi - if ! validate-hash "${file}" "${hash}"; then - echo "== Failed to validate hash for ${url} ==" - rm -f "${file}" - else - echo "== Downloaded ${url} with hash ${hash} ==" - return 0 - fi - done - done - - echo "== All downloads failed; sleeping before retrying ==" - sleep 60 - done -} - -validate-hash() { - local -r file="$1" - local -r expected="$2" - local actual - - actual=$(sha256sum "${file}" | awk '{ print $1 }') || true - if [[ "${actual}" != "${expected}" ]]; then - echo "== File ${file} is corrupted; hash ${actual} doesn't match expected ${expected} ==" - return 1 - fi -} - -function split-commas() { - echo "$1" | tr "," "\n" -} - -function download-release() { - case "$(uname -m)" in - x86_64*|i?86_64*|amd64*) - NODEUP_URL="${NODEUP_URL_AMD64}" - NODEUP_HASH="${NODEUP_HASH_AMD64}" - ;; - aarch64*|arm64*) - NODEUP_URL="${NODEUP_URL_ARM64}" - NODEUP_HASH="${NODEUP_HASH_ARM64}" - ;; - *) - echo "Unsupported host arch: $(uname -m)" >&2 - exit 1 - ;; - esac - - cd ${INSTALL_DIR}/bin - download-or-bust nodeup "${NODEUP_HASH}" "${NODEUP_URL}" - - chmod +x nodeup - - echo "== Running nodeup ==" - # We can't run in the foreground because of https://github.com/docker/docker/issues/23793 - ( cd ${INSTALL_DIR}/bin; ./nodeup --install-systemd-unit --conf=${INSTALL_DIR}/conf/kube_env.yaml --v=8 ) -} - -#################################################################################### - -/bin/systemd-machine-id-setup || echo "== Failed to initialize the machine ID; ensure machine-id configured ==" - -echo "== nodeup node config starting ==" -ensure-install-dir - -cat > conf/kube_env.yaml << '__EOF_KUBE_ENV' -CloudProvider: aws -ClusterName: minimal.example.com -ConfigServer: - CACertificates: | - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANqBD8NSD82AUSMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwODAwWhcNMzEwNzA3MDcw - ODAwWjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBANFI3zr0Tk8krsW8vwjfMpzJOlWQ8616vG3YPa2qAgI7V4oKwfV0yIg1 - jt+H6f4P/wkPAPTPTfRp9Iy8oHEEFw0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNG3zVjTcLlJwDsJ4/K9DV7KohUA - MA0GCSqGSIb3DQEBCwUAA0EAB8d03fY2w7WKpfO29qI295pu2C4ca9AiVGOpgSc8 - tmQsq6rcxt3T+rb589PVtz0mw/cKTxOk6gH2CCC+yHfy2w== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIBbjCCARigAwIBAgIMFpANvmSa0OAlYmXKMA0GCSqGSIb3DQEBCwUAMBgxFjAU - BgNVBAMTDWt1YmVybmV0ZXMtY2EwHhcNMjEwNzA3MDcwOTM2WhcNMzEwNzA3MDcw - OTM2WjAYMRYwFAYDVQQDEw1rdWJlcm5ldGVzLWNhMFwwDQYJKoZIhvcNAQEBBQAD - SwAwSAJBAMF6F4aZdpe0RUpyykaBpWwZCnwbffhYGOw+fs6RdLuUq7QCNmJm/Eq7 - WWOziMYDiI9SbclpD+6QiJ0N3EqppVUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG - MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLImp6ARjPDAH6nhI+scWVt3Q9bn - MA0GCSqGSIb3DQEBCwUAA0EAVQVx5MUtuAIeePuP9o51xtpT2S6Fvfi8J4ICxnlA - 9B7UD2ushcVFPtaeoL9Gfu8aY4KJBeqqg5ojl4qmRnThjw== - -----END CERTIFICATE----- - servers: - - https://kops-controller.internal.minimal.example.com:3988/ -InstanceGroupName: nodes -InstanceGroupRole: Node -NodeupConfigHash: 6042fC55eyeSm2rv5AC0lnxFtEHRCHut6IC6W/f91QQ= - -__EOF_KUBE_ENV - -download-release -echo "== nodeup node config done ==" diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-events_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-events_content deleted file mode 100644 index 432cd0d555..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-events_content +++ /dev/null @@ -1,4 +0,0 @@ -{ - "memberCount": 1, - "etcdVersion": "3.5.17" -} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-main_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-main_content deleted file mode 100644 index 432cd0d555..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_etcd-cluster-spec-main_content +++ /dev/null @@ -1,4 +0,0 @@ -{ - "memberCount": 1, - "etcdVersion": "3.5.17" -} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_kops-version.txt_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_kops-version.txt_content deleted file mode 100644 index b7340298dc..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_kops-version.txt_content +++ /dev/null @@ -1 +0,0 @@ -1.21.0-alpha.1 diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content deleted file mode 100644 index 21a36c9bb0..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - creationTimestamp: null -spec: - containers: - - args: - - --ca-cert=/secrets/ca.crt - - --client-cert=/secrets/client.crt - - --client-key=/secrets/client.key - image: registry.k8s.io/kops/kube-apiserver-healthcheck:1.31.0-beta.1 - livenessProbe: - httpGet: - host: 127.0.0.1 - path: /.kube-apiserver-healthcheck/healthz - port: 3990 - initialDelaySeconds: 5 - timeoutSeconds: 5 - name: healthcheck - resources: {} - securityContext: - runAsNonRoot: true - runAsUser: 10012 - volumeMounts: - - mountPath: /secrets - name: healthcheck-secrets - readOnly: true - volumes: - - hostPath: - path: /etc/kubernetes/kube-apiserver-healthcheck/secrets - type: Directory - name: healthcheck-secrets -status: {} diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content deleted file mode 100644 index 31d86455d1..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content +++ /dev/null @@ -1,383 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/cluster-service: "true" - name: coredns - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/bootstrapping: rbac-defaults - name: system:coredns -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - namespaces - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - kubernetes.io/bootstrapping: rbac-defaults - name: system:coredns -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:coredns -subjects: -- kind: ServiceAccount - name: coredns - namespace: kube-system - ---- - -apiVersion: v1 -data: - Corefile: |- - .:53 { - errors - health { - lameduck 5s - } - ready - kubernetes cluster.local. in-addr.arpa ip6.arpa { - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - } - prometheus :9153 - forward . /etc/resolv.conf { - max_concurrent 1000 - } - cache 30 - loop - reload - loadbalance - } -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - addonmanager.kubernetes.io/mode: EnsureExists - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: CoreDNS - name: coredns - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: kube-dns - strategy: - rollingUpdate: - maxSurge: 10% - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - k8s-app: kube-dns - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - -conf - - /etc/coredns/Corefile - image: registry.k8s.io/coredns/coredns:v1.11.3 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - successThreshold: 1 - timeoutSeconds: 5 - name: coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: 8181 - scheme: HTTP - resources: - limits: - memory: 170Mi - requests: - cpu: 100m - memory: 70Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_BIND_SERVICE - drop: - - all - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /etc/coredns - name: config-volume - readOnly: true - dnsPolicy: Default - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: coredns - tolerations: - - key: CriticalAddonsOnly - operator: Exists - topologySpreadConstraints: - - labelSelector: - matchLabels: - k8s-app: kube-dns - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: ScheduleAnyway - - labelSelector: - matchLabels: - k8s-app: kube-dns - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: ScheduleAnyway - volumes: - - configMap: - name: coredns - name: config-volume - ---- - -apiVersion: v1 -kind: Service -metadata: - annotations: - prometheus.io/port: "9153" - prometheus.io/scrape: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: CoreDNS - name: kube-dns - namespace: kube-system - resourceVersion: "0" -spec: - clusterIP: 100.64.0.10 - ports: - - name: dns - port: 53 - protocol: UDP - - name: dns-tcp - port: 53 - protocol: TCP - - name: metrics - port: 9153 - protocol: TCP - selector: - k8s-app: kube-dns - ---- - -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: kube-dns - namespace: kube-system -spec: - maxUnavailable: 50% - selector: - matchLabels: - k8s-app: kube-dns - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - replicationcontrollers/scale - verbs: - - get - - update -- apiGroups: - - extensions - - apps - resources: - - deployments/scale - - replicasets/scale - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - create - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - name: coredns-autoscaler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: coredns-autoscaler -subjects: -- kind: ServiceAccount - name: coredns-autoscaler - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: coredns.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: coredns.addons.k8s.io - k8s-app: coredns-autoscaler - kubernetes.io/cluster-service: "true" - name: coredns-autoscaler - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: coredns-autoscaler - template: - metadata: - creationTimestamp: null - labels: - k8s-app: coredns-autoscaler - kops.k8s.io/managed-by: kops - spec: - containers: - - command: - - /cluster-proportional-autoscaler - - --namespace=kube-system - - --configmap=coredns-autoscaler - - --target=Deployment/coredns - - --default-params={"linear":{"coresPerReplica":256,"nodesPerReplica":16,"preventSinglePointFailure":true}} - - --logtostderr=true - - --v=2 - image: registry.k8s.io/cpa/cluster-proportional-autoscaler:v1.8.9 - name: autoscaler - resources: - requests: - cpu: 20m - memory: 10Mi - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: coredns-autoscaler - tolerations: - - key: CriticalAddonsOnly - operator: Exists diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content deleted file mode 100644 index 36761e1c56..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: kubelet-api.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: kubelet-api.rbac.addons.k8s.io - name: kops:system:kubelet-api-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:kubelet-api-admin -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: kubelet-api diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content deleted file mode 100644 index 4dcdce48b9..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: LimitRange -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: limit-range.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: limit-range.addons.k8s.io - name: limits - namespace: default -spec: - limits: - - defaultRequest: - cpu: 100m - type: Container diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content deleted file mode 100644 index bea3e88be3..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content +++ /dev/null @@ -1,118 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: default -parameters: - type: gp2 -provisioner: kubernetes.io/aws-ebs - ---- - -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "false" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: gp2 -parameters: - type: gp2 -provisioner: kubernetes.io/aws-ebs - ---- - -allowVolumeExpansion: true -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "false" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: kops-ssd-1-17 -parameters: - encrypted: "true" - type: gp2 -provisioner: kubernetes.io/aws-ebs -volumeBindingMode: WaitForFirstConsumer - ---- - -allowVolumeExpansion: true -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "true" - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: kops-csi-1-21 -parameters: - encrypted: "true" - type: gp3 -provisioner: ebs.csi.aws.com -volumeBindingMode: WaitForFirstConsumer - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: system:aws-cloud-provider -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: storage-aws.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: storage-aws.addons.k8s.io - name: system:aws-cloud-provider -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:aws-cloud-provider -subjects: -- kind: ServiceAccount - name: aws-cloud-provider - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-nodes_content deleted file mode 100644 index 4fd7e81731..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-nodes_content +++ /dev/null @@ -1,65 +0,0 @@ -Assets: - amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz -CAs: {} -ClusterName: minimal.example.com -Hooks: -- null -- null -InstallCNIAssets: true -KeypairIDs: - kubernetes-ca: "6982820025135291416230495506" -KubeProxy: - clusterCIDR: 100.96.0.0/11 - cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 - logLevel: 2 -KubeletConfig: - anonymousAuth: false - cgroupDriver: systemd - cgroupRoot: / - cloudProvider: external - clusterDNS: 100.64.0.10 - clusterDomain: cluster.local - enableDebuggingHandlers: true - evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - kubeconfigPath: /var/lib/kubelet/kubeconfig - logLevel: 2 - nodeLabels: - kops.k8s.io/instancegroup: nodes-us-test-1a - node-role.kubernetes.io/node: "" - podInfraContainerImage: registry.k8s.io/pause:3.9 - podManifestPath: /etc/kubernetes/manifests - protectKernelDefaults: true - registerSchedulable: true - shutdownGracePeriod: 30s - shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 -Networking: - nonMasqueradeCIDR: 100.64.0.0/10 - serviceClusterIPRange: 100.64.0.0/13 -UpdatePolicy: automatic -containerdConfig: - logLevel: info - runc: - version: 1.1.5 - version: 1.6.20 -usesLegacyGossip: false -usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_sqs_queue_minimal-example-com-nth_policy b/tests/integration/update_cluster/minimal-1.26/data/aws_sqs_queue_minimal-example-com-nth_policy deleted file mode 100644 index c5b2b25812..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_sqs_queue_minimal-example-com-nth_policy +++ /dev/null @@ -1,16 +0,0 @@ -{ - "Statement": [ - { - "Action": "sqs:SendMessage", - "Effect": "Allow", - "Principal": { - "Service": [ - "events.amazonaws.com", - "sqs.amazonaws.com" - ] - }, - "Resource": "arn:aws-test:sqs:us-test-1:123456789012:minimal-example-com-nth" - } - ], - "Version": "2012-10-17" -} diff --git a/tests/integration/update_cluster/minimal-1.26/id_rsa.pub b/tests/integration/update_cluster/minimal-1.26/id_rsa.pub deleted file mode 100755 index 81cb012783..0000000000 --- a/tests/integration/update_cluster/minimal-1.26/id_rsa.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ== diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern b/tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern rename to tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern b/tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern rename to tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern b/tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern rename to tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern b/tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern rename to tests/integration/update_cluster/minimal-1.31/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_masters.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_masters.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_masters.minimal.example.com_policy diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_nodes.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_nodes.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_nodes.minimal.example.com_policy diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_policy_masters.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_policy_masters.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_policy_masters.minimal.example.com_policy diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_policy_nodes.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_policy_nodes.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.31/data/aws_iam_role_policy_nodes.minimal.example.com_policy diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key b/tests/integration/update_cluster/minimal-1.31/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key rename to tests/integration/update_cluster/minimal-1.31/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-1.31/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data similarity index 98% rename from tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data rename to tests/integration/update_cluster/minimal-1.31/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 834484933d..3b563a97a5 100644 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://tests/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: pEPkTd60I1vJQETo3EjSRADH3T8WgBhEYh1Xk4B4PBM= +NodeupConfigHash: klMj3mKSOZir95MgdNFRquS9P5e5wcSBM0MMav/WsFo= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-1.31/data/aws_launch_template_nodes.minimal.example.com_user_data similarity index 98% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_nodes.minimal.example.com_user_data rename to tests/integration/update_cluster/minimal-1.31/data/aws_launch_template_nodes.minimal.example.com_user_data index 9ab84cf8b5..12ce2409d7 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: l4LvADQG3n3cvmN2OEmOZwQf/oIT130Bb8vx2AhdvVM= +NodeupConfigHash: 5B5Foj9pAfg4gQEkqoEOyhtzobF0+jwTrijK4KTOy7g= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_cluster-completed.spec_content similarity index 88% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_cluster-completed.spec_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_cluster-completed.spec_content index b552c7bf62..7b81716203 100644 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -84,10 +84,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.31.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -113,10 +110,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.31.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.31.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.31.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.31.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_etcd-cluster-spec-events_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_etcd-cluster-spec-events_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_etcd-cluster-spec-events_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_etcd-cluster-spec-events_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_etcd-cluster-spec-main_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_etcd-cluster-spec-main_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_etcd-cluster-spec-main_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_etcd-cluster-spec-main_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_kops-version.txt_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_kops-version.txt_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_kops-version.txt_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_kops-version.txt_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content similarity index 99% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daa..adc407bc80 100644 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-bootstrap_content similarity index 98% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 97589f64d8..a17569f8c3 100644 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-master-us-test-1a_content similarity index 85% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content rename to tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index f1d43d0200..73f2ef23fe 100644 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.31.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 39e7f1c61c8389ea7680690f8bd5dd733672fa16875ae598df0fd8c205df57a9@https://dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubelet + - 7c27adc64a84d1c0cc3dcf7bf4b6e916cc00f3f576a2dbac51b318d926032437@https://dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 77baa2f669980a82255ffa2f2717de823992480271ee778aa51a9c60ae89ff9b@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - b310da449a9d2f8b928cab5ca12a6772617ba421023894e061ca2647e6d9f1c3@https://dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubelet + - f42832db7d77897514639c6df38214a6d8ae1262ee34943364ec1ffaee6c009c@https://dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - c2a292714d0fad98a3491ae43df8ad58354b3c0bdf5d5a3e281777967c70fcff@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.5.1/cni-plugins-linux-arm64-v1.5.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-arm64-v1.5.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.31.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.31.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.31.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -311,7 +301,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.31.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -324,8 +314,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://tests/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-nodes_content new file mode 100644 index 0000000000..f7c16f515b --- /dev/null +++ b/tests/integration/update_cluster/minimal-1.31/data/aws_s3_object_nodeupconfig-nodes_content @@ -0,0 +1,64 @@ +Assets: + amd64: + - 39e7f1c61c8389ea7680690f8bd5dd733672fa16875ae598df0fd8c205df57a9@https://dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubelet + - 7c27adc64a84d1c0cc3dcf7bf4b6e916cc00f3f576a2dbac51b318d926032437@https://dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 77baa2f669980a82255ffa2f2717de823992480271ee778aa51a9c60ae89ff9b@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 + - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz + - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz + arm64: + - b310da449a9d2f8b928cab5ca12a6772617ba421023894e061ca2647e6d9f1c3@https://dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubelet + - f42832db7d77897514639c6df38214a6d8ae1262ee34943364ec1ffaee6c009c@https://dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.31.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - c2a292714d0fad98a3491ae43df8ad58354b3c0bdf5d5a3e281777967c70fcff@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.5.1/cni-plugins-linux-arm64-v1.5.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-arm64-v1.5.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 + - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz + - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz +CAs: {} +ClusterName: minimal.example.com +Hooks: +- null +- null +InstallCNIAssets: true +KeypairIDs: + kubernetes-ca: "6982820025135291416230495506" +KubeProxy: + clusterCIDR: 100.96.0.0/11 + cpuRequest: 100m + image: registry.k8s.io/kube-proxy:v1.31.0 + logLevel: 2 +KubeletConfig: + anonymousAuth: false + cgroupDriver: systemd + cgroupRoot: / + cloudProvider: external + clusterDNS: 100.64.0.10 + clusterDomain: cluster.local + enableDebuggingHandlers: true + evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + kubeconfigPath: /var/lib/kubelet/kubeconfig + logLevel: 2 + nodeLabels: + kops.k8s.io/instancegroup: nodes-us-test-1a + node-role.kubernetes.io/node: "" + podInfraContainerImage: registry.k8s.io/pause:3.9 + podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true + registerSchedulable: true + shutdownGracePeriod: 30s + shutdownGracePeriodCriticalPods: 10s +KubernetesVersion: 1.31.0 +Networking: + nonMasqueradeCIDR: 100.64.0.0/10 + serviceClusterIPRange: 100.64.0.0/13 +UpdatePolicy: automatic +containerdConfig: + logLevel: info + runc: + version: 1.1.14 + version: 1.7.22 +usesLegacyGossip: false +usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_sqs_queue_minimal-example-com-nth_policy b/tests/integration/update_cluster/minimal-1.31/data/aws_sqs_queue_minimal-example-com-nth_policy similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_sqs_queue_minimal-example-com-nth_policy rename to tests/integration/update_cluster/minimal-1.31/data/aws_sqs_queue_minimal-example-com-nth_policy diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/id_rsa.pub b/tests/integration/update_cluster/minimal-1.31/id_rsa.pub similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/id_rsa.pub rename to tests/integration/update_cluster/minimal-1.31/id_rsa.pub diff --git a/tests/integration/update_cluster/minimal-1.25/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-1.31/in-v1alpha2.yaml similarity index 98% rename from tests/integration/update_cluster/minimal-1.25/in-v1alpha2.yaml rename to tests/integration/update_cluster/minimal-1.31/in-v1alpha2.yaml index ef3d6a12e7..85e534f185 100644 --- a/tests/integration/update_cluster/minimal-1.25/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-1.31/in-v1alpha2.yaml @@ -34,7 +34,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.31.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-1.26/kubernetes.tf b/tests/integration/update_cluster/minimal-1.31/kubernetes.tf similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/kubernetes.tf rename to tests/integration/update_cluster/minimal-1.31/kubernetes.tf diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern b/tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern rename to tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-ASGLifecycle_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern b/tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern rename to tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceScheduledChange_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern b/tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern rename to tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-InstanceStateChange_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern b/tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern rename to tests/integration/update_cluster/minimal-1.32/data/aws_cloudwatch_event_rule_minimal.example.com-SpotInterruption_event_pattern diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_masters.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_masters.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_masters.minimal.example.com_policy diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_nodes.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_nodes.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_nodes.minimal.example.com_policy diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_policy_masters.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_policy_masters.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_policy_masters.minimal.example.com_policy diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_policy_nodes.minimal.example.com_policy similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_policy_nodes.minimal.example.com_policy rename to tests/integration/update_cluster/minimal-1.32/data/aws_iam_role_policy_nodes.minimal.example.com_policy diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key b/tests/integration/update_cluster/minimal-1.32/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key rename to tests/integration/update_cluster/minimal-1.32/data/aws_key_pair_kubernetes.minimal.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-1.32/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data similarity index 98% rename from tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data rename to tests/integration/update_cluster/minimal-1.32/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index cbe4169391..7bd254185e 100644 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://tests/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: k/B9mcfXVMF4pUBZTSlZOrkAFcmuWQVoCYf1v2ZIaOs= +NodeupConfigHash: WZBRnkUUrOAa9dNL9pJuU9Dln/6G8v6o+j/dDrhy5cI= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-1.32/data/aws_launch_template_nodes.minimal.example.com_user_data similarity index 98% rename from tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_nodes.minimal.example.com_user_data rename to tests/integration/update_cluster/minimal-1.32/data/aws_launch_template_nodes.minimal.example.com_user_data index e311f63c35..e0188aa4c8 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: WwtxlSoKOB8hEehXX1eGuBozTH2Ndl4NNAuqkWa4+O0= +NodeupConfigHash: SMpgyJTx4eKvv8ID4K/ZkwlnwwirmmcUKxz1B6Vl+1Q= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_cluster-completed.spec_content similarity index 88% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_cluster-completed.spec_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_cluster-completed.spec_content index cca9298634..dbc5f64525 100644 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -84,10 +84,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -113,10 +110,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_etcd-cluster-spec-events_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_etcd-cluster-spec-events_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_etcd-cluster-spec-events_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_etcd-cluster-spec-events_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_etcd-cluster-spec-main_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_etcd-cluster-spec-main_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_etcd-cluster-spec-main_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_etcd-cluster-spec-main_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_kops-version.txt_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_kops-version.txt_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_kops-version.txt_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_kops-version.txt_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_manifests-etcdmanager-events-master-us-test-1a_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_manifests-etcdmanager-main-master-us-test-1a_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_manifests-static-kube-apiserver-healthcheck_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content similarity index 99% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index f84082c78b..adc407bc80 100644 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-bootstrap_content similarity index 91% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 018679818f..a17569f8c3 100644 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: cada585acb2647f44abffb456f75360045099c11f9221b50780f12d940ccefb1 + manifestHash: 96b7d8947795c54d86ae8d49d6b0dcd4eab4d0b288ab2e592259f82ed91acc07 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -106,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 22cb0da8fc5f5cb33951c0e8fe8f90db7696003c2dc16f0061cd3cb95cdd4dcb + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-coredns.addons.k8s.io-k8s-1.12_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-dns-controller.addons.k8s.io-k8s-1.12_content diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content similarity index 98% rename from tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 2b9f70f7a7..526c144ba7 100644 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-kubelet-api.rbac.addons.k8s.io-k8s-1.9_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content similarity index 100% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-node-termination-handler.aws-k8s-1.11_content diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_minimal.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-master-us-test-1a_content similarity index 85% rename from tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content rename to tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 82dfb4c1b4..a420cd225f 100644 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -311,7 +301,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -324,8 +314,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://tests/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-nodes_content new file mode 100644 index 0000000000..febb37d43c --- /dev/null +++ b/tests/integration/update_cluster/minimal-1.32/data/aws_s3_object_nodeupconfig-nodes_content @@ -0,0 +1,64 @@ +Assets: + amd64: + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 + - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz + - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz + arm64: + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 + - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz + - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz +CAs: {} +ClusterName: minimal.example.com +Hooks: +- null +- null +InstallCNIAssets: true +KeypairIDs: + kubernetes-ca: "6982820025135291416230495506" +KubeProxy: + clusterCIDR: 100.96.0.0/11 + cpuRequest: 100m + image: registry.k8s.io/kube-proxy:v1.32.0 + logLevel: 2 +KubeletConfig: + anonymousAuth: false + cgroupDriver: systemd + cgroupRoot: / + cloudProvider: external + clusterDNS: 100.64.0.10 + clusterDomain: cluster.local + enableDebuggingHandlers: true + evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + kubeconfigPath: /var/lib/kubelet/kubeconfig + logLevel: 2 + nodeLabels: + kops.k8s.io/instancegroup: nodes-us-test-1a + node-role.kubernetes.io/node: "" + podInfraContainerImage: registry.k8s.io/pause:3.9 + podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true + registerSchedulable: true + shutdownGracePeriod: 30s + shutdownGracePeriodCriticalPods: 10s +KubernetesVersion: 1.32.0 +Networking: + nonMasqueradeCIDR: 100.64.0.0/10 + serviceClusterIPRange: 100.64.0.0/13 +UpdatePolicy: automatic +containerdConfig: + logLevel: info + runc: + version: 1.1.14 + version: 1.7.22 +usesLegacyGossip: false +usesNoneDNS: false diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_sqs_queue_minimal-example-com-nth_policy b/tests/integration/update_cluster/minimal-1.32/data/aws_sqs_queue_minimal-example-com-nth_policy similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_sqs_queue_minimal-example-com-nth_policy rename to tests/integration/update_cluster/minimal-1.32/data/aws_sqs_queue_minimal-example-com-nth_policy diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/id_rsa.pub b/tests/integration/update_cluster/minimal-1.32/id_rsa.pub similarity index 100% rename from tests/integration/update_cluster/many-addons-ccm-irsa26/id_rsa.pub rename to tests/integration/update_cluster/minimal-1.32/id_rsa.pub diff --git a/tests/integration/update_cluster/minimal-1.26/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-1.32/in-v1alpha2.yaml similarity index 98% rename from tests/integration/update_cluster/minimal-1.26/in-v1alpha2.yaml rename to tests/integration/update_cluster/minimal-1.32/in-v1alpha2.yaml index 3ab7810141..15db0fd0d3 100644 --- a/tests/integration/update_cluster/minimal-1.26/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-1.32/in-v1alpha2.yaml @@ -34,7 +34,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-1.25/kubernetes.tf b/tests/integration/update_cluster/minimal-1.32/kubernetes.tf similarity index 98% rename from tests/integration/update_cluster/minimal-1.25/kubernetes.tf rename to tests/integration/update_cluster/minimal-1.32/kubernetes.tf index 0b17171a8f..175f6b0eed 100644 --- a/tests/integration/update_cluster/minimal-1.25/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-1.32/kubernetes.tf @@ -705,14 +705,6 @@ resource "aws_s3_object" "minimal-example-com-addons-kubelet-api-rbac-addons-k8s server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "tests/minimal.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-bootstrap_content index 4ae0440dd5..35a2718aef 100644 --- a/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 0e58080d9cdea2a7864f0312d8c55b6a0fdddf8892b3f5a84c3a25e92accf97c + manifestHash: af0caacaec3b67a77aac95f4c35c04f39670028c28044eed18680273894cf4bf name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 030c696c8f..0c76d32b8e 100644 --- a/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-aws/data/aws_s3_object_minimal-aws.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index a91e7a02a1..30bb70e7e3 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://tests/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: GJpv+cbvWJhszaPildTR7YuBPWxO7yhDqye7WgBP3a8= +NodeupConfigHash: 2EXmXLYqqd3PfQcydIXY11Ucnc2r/4rLC5OaTdOs73E= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_nodes.minimal.example.com_user_data index 06985908ae..7911375167 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: AtWaof337lrN2NoQFvviT2Ss2cYW4gX24G/7XN349E8= +NodeupConfigHash: YPrB3cfcKbPHW2PR2eT2wP48UOI1Y9ZHBXCw/D4A2lI= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content index 56a58e2873..4ea0e89dce 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdClusters: - backups: backupStore: memfs://tests/minimal.example.com/backups/etcd/main @@ -83,10 +83,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -137,13 +131,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -156,9 +147,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -170,7 +158,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -180,9 +168,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daa..adc407bc80 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 82d161438a..f79c65f9b5 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -92,7 +92,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 9b352b6d0f..1b5caa78b2 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -280,7 +273,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -291,9 +284,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://tests/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-nodes_content index 8d53ffcf52..6403ccde38 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -51,7 +50,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -59,7 +58,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: true diff --git a/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml index 32577c9601..1c16b152ab 100644 --- a/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-dns-none/in-v1alpha2.yaml @@ -36,7 +36,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_master-us-test-1a.masters.minimal-etcd.example.com_user_data b/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_master-us-test-1a.masters.minimal-etcd.example.com_user_data index d8e57b573f..18c49b9f11 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_master-us-test-1a.masters.minimal-etcd.example.com_user_data +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_master-us-test-1a.masters.minimal-etcd.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-etcd.example.com ConfigBase: memfs://clusters.example.com/minimal-etcd.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ktsWtBv941aK+pL98v7GFVU89eXwuIdC4metzQEM7As= +NodeupConfigHash: Av4VC9VxGgU5F/yBW99C3zDIGtCnf9EQlzRF9EnO/JU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_nodes.minimal-etcd.example.com_user_data b/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_nodes.minimal-etcd.example.com_user_data index e07df817c9..1469662137 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_nodes.minimal-etcd.example.com_user_data +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_launch_template_nodes.minimal-etcd.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-etcd.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: yMctYTFg9SjCY6xHLGHPkCX5r1vNCy6ISaVleabk53A= +NodeupConfigHash: ekT1IR5qSaKvPbRXfWk68/h6xmexrdh4Dttz+usnr+I= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_cluster-completed.spec_content index 6c0ff0dd9c..7b72a1fc5c 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-etcd.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -85,10 +85,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -114,10 +111,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-etcd.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -139,13 +133,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -158,9 +149,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 844202e805..15c588b20b 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-bootstrap_content index d09d5a53bb..a925083e1d 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 9684ff5db48d7b1c2dee835bf68842915b233b86e84d8afdfb3b56deb1162968 + manifestHash: 1dba484ccab8281082504bb4ef46df14d6dec92888ce6034b42fe5845741b6e2 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 65d31b311645c118e7a81bb3c5afdd20e93ac3f1dec5bab846dbefb8016d40e8 + manifestHash: 5c24d867c3e6a322d031ea109334d10b1608f75226765c38cff8395149b53eec name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 475ec8aafc..716d7964e8 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_minimal-etcd.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index e59f7c7bd0..4176de451d 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-etcd.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-etcd.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-etcd.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-nodes_content index f7c680acce..03044a55da 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-etcd/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-etcd/in-v1alpha2.yaml index d68f5ac0e7..103cce239c 100644 --- a/tests/integration/update_cluster/minimal-etcd/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-etcd/in-v1alpha2.yaml @@ -33,7 +33,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-etcd.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-etcd/kubernetes.tf b/tests/integration/update_cluster/minimal-etcd/kubernetes.tf index e3e73d3a0f..a08b8ac2b9 100644 --- a/tests/integration/update_cluster/minimal-etcd/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-etcd/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-etcd-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-minimal-etcd-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 1f0b3cef24..5edf11700e 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: Arj9CPYPT79nVe1Uju7SKarwPhrwxdpEn3bezaNlNUo= +NodeupConfigHash: u7Gr0XwgMUCmXNEG29SnW1+ljmUinf8gdvYeTKvzNFA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_nodes.minimal.example.com_user_data index e6a1bb07bc..26c4acec16 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 8CZ7yLVzS//HUyyG0tIMtQkPj8eMl/QL1MNtZRcEDDE= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_cluster-completed.spec_content index 327a76caa5..dc4aff0be9 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -83,10 +83,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -137,13 +131,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -156,9 +147,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -169,7 +157,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -179,9 +167,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daa..adc407bc80 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 2c3f3b4fdf..6696cb9bf5 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510..4aa1194f1e 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index e45b55f9ac..1b8293d4ee 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-nodes_content index 3b68234cbd..da75b50a11 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-gp3/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-gp3/in-v1alpha2.yaml index fb85ec6349..68c1b5115a 100644 --- a/tests/integration/update_cluster/minimal-gp3/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-gp3/in-v1alpha2.yaml @@ -27,7 +27,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-gp3/kubernetes.tf b/tests/integration/update_cluster/minimal-gp3/kubernetes.tf index 823580294f..82ca8d56ac 100644 --- a/tests/integration/update_cluster/minimal-gp3/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-gp3/kubernetes.tf @@ -416,7 +416,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -498,7 +498,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data index 30ca7b0f34..ee029e46da 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-ipv6.example.com ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: JMCr7MrAoTYDT4wpGT3Onenf3V3Hg+8RZo8GX+pHX7g= +NodeupConfigHash: STc/xkQbYF4RgvljqPAsR/N2KmV2NWkCG2ph1iyeZvg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data index 929dc82ee8..c915e22559 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-ipv6.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: q47Igf/BIdRXGK0I0cE7G1H6v/jzroe8CSAyEwPI58c= +NodeupConfigHash: 96xVJcv2LGD9IGs+tT9dYZiS95XjU9ia6qC+So1BEDo= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_cluster-completed.spec_content index 30ebaa1585..1bc2b2b301 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_cluster-completed.spec_content @@ -22,7 +22,7 @@ spec: allocateNodeCIDRs: false clusterName: minimal-ipv6.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,8 +31,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -81,10 +81,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: - fd00:ec2::253 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index cccab2c234..3089f7d99c 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -43,7 +43,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content index 6f66fba1f7..5f145992f5 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 789e163f90e57004cbe9f1ceffea4e30cda69da2e60bc05623404d85fa098bed + manifestHash: c0e588106cb050f6e2e8b10082da29b67937142de68a58f5d28d611169263131 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -161,7 +154,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: deacc9b38bf6a0e9e88d9e9ca241948e85f05f4a2dd396461cde5fc60ab67e39 + manifestHash: a26b686d2e5ed0161da6ff083a66024102cd57a5ceb6471155fe814e16ed9710 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 0bbb7b366b..7f92a8042c 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd..0000000000 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index a9a4c58741..a621c20854 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,19 +55,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -279,7 +272,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -290,9 +283,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -307,7 +297,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: calico: {} nonMasqueradeCIDR: ::/0 @@ -321,8 +311,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-nodes_content index 62b4e905f9..af0ced2751 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -22,7 +24,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -33,9 +35,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -46,7 +45,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: calico: {} nonMasqueradeCIDR: ::/0 @@ -55,7 +54,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-ipv6-calico/in-v1alpha2.yaml index 10629e1613..544b74ebc4 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-ipv6-calico/in-v1alpha2.yaml @@ -30,7 +30,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-ipv6.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf index dd11298255..111d8fb82e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf @@ -483,7 +483,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -565,7 +565,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -925,14 +925,6 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-kubelet-api-rbac-addon server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-ipv6-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal-ipv6.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data index 569cea92c7..38db5320a6 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-ipv6.example.com ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: dnbwGBrZmQLLU6jC+8aaVpKUHtJrPke+nd05kQ2Yktk= +NodeupConfigHash: x2dcwAkk+LblVNiF3OAYzgiyCZGBWwNGVEZVzYLCVII= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data index a9d2b722c7..3a0458308e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-ipv6.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: ngrVn8IUdUeuGOM0TZ9YUMXdQ1PGkvUm+ekDwi+EHaY= +NodeupConfigHash: UMqavWlInbq+rdwC7avV4gOX1YXhFBU9YA2DKTvvT9k= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_cluster-completed.spec_content index 07fa74602c..e0f1a99638 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_cluster-completed.spec_content @@ -22,7 +22,7 @@ spec: allocateNodeCIDRs: false clusterName: minimal-ipv6.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,8 +31,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -81,10 +81,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: - fd00:ec2::253 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index cccab2c234..3089f7d99c 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -43,7 +43,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content index d265c44f63..a3beb91f03 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 789e163f90e57004cbe9f1ceffea4e30cda69da2e60bc05623404d85fa098bed + manifestHash: c0e588106cb050f6e2e8b10082da29b67937142de68a58f5d28d611169263131 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -114,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: deacc9b38bf6a0e9e88d9e9ca241948e85f05f4a2dd396461cde5fc60ab67e39 + manifestHash: a26b686d2e5ed0161da6ff083a66024102cd57a5ceb6471155fe814e16ed9710 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 0bbb7b366b..7f92a8042c 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd..0000000000 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index b5dd62f107..8573bc5792 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,19 +55,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -279,7 +272,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -290,9 +283,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -307,7 +297,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: ::/0 @@ -321,8 +311,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-nodes_content index 3cc2255a11..aedf0c31ed 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -22,7 +24,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -33,9 +35,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -46,7 +45,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: ::/0 @@ -55,7 +54,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-ipv6-cilium/in-v1alpha2.yaml index 87d1346f80..b1387e6361 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/in-v1alpha2.yaml @@ -30,7 +30,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-ipv6.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf index 38bf74e26d..b7d7575e23 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/kubernetes.tf @@ -483,7 +483,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -565,7 +565,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -925,14 +925,6 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-kubelet-api-rbac-addon server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-ipv6-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal-ipv6.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data index c5d869cf4c..252860c4f8 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-ipv6.example.com ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ova1xYqaZS5E5uQNAiCIBVHcoMGGf+DBLF5/WdCmsrM= +NodeupConfigHash: G0hPd4eCJMAGg6pYrHIo9wfKq54mPMVabGDoyBMD2Ys= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data index c9dc716360..44982fd21f 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-ipv6.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: Suh4p0bTQdigoYjO1dUnjDxRE8QVjilE46kAJsS1hw8= +NodeupConfigHash: APtMtZEprhYFWmjygsGZC7lNfj9mFxTkuQ7aqfvRjgE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_cluster-completed.spec_content index c17dd8fc0b..448a927c6b 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_cluster-completed.spec_content @@ -22,7 +22,7 @@ spec: allocateNodeCIDRs: false clusterName: minimal-ipv6.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,8 +31,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -81,10 +81,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: - fd00:ec2::253 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index cccab2c234..3089f7d99c 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -43,7 +43,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content index b1091896c9..676623b59b 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 789e163f90e57004cbe9f1ceffea4e30cda69da2e60bc05623404d85fa098bed + manifestHash: c0e588106cb050f6e2e8b10082da29b67937142de68a58f5d28d611169263131 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -106,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: deacc9b38bf6a0e9e88d9e9ca241948e85f05f4a2dd396461cde5fc60ab67e39 + manifestHash: a26b686d2e5ed0161da6ff083a66024102cd57a5ceb6471155fe814e16ed9710 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 0bbb7b366b..7f92a8042c 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd..0000000000 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index f14cae1b25..9453566332 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -240,19 +239,13 @@ ControlPlaneConfig: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: ::/0 serviceClusterIPRange: fd00:5e4f:ce::/108 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-nodes_content index d21db8daff..62be24183b 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -25,7 +27,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: ::/0 serviceClusterIPRange: fd00:5e4f:ce::/108 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/in-v1alpha2.yaml index 63907988c7..7369623c0e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/in-v1alpha2.yaml @@ -30,7 +30,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-ipv6.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/kubernetes.tf index 8889b161b4..51f39f9c7e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/kubernetes.tf @@ -483,7 +483,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -565,7 +565,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -925,14 +925,6 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-kubelet-api-rbac-addon server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-ipv6-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal-ipv6.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data index c5d869cf4c..252860c4f8 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-ipv6.example.com ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ova1xYqaZS5E5uQNAiCIBVHcoMGGf+DBLF5/WdCmsrM= +NodeupConfigHash: G0hPd4eCJMAGg6pYrHIo9wfKq54mPMVabGDoyBMD2Ys= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data index c9dc716360..44982fd21f 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-ipv6.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: Suh4p0bTQdigoYjO1dUnjDxRE8QVjilE46kAJsS1hw8= +NodeupConfigHash: APtMtZEprhYFWmjygsGZC7lNfj9mFxTkuQ7aqfvRjgE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_cluster-completed.spec_content index d7a6962ff4..03a3e8ba93 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_cluster-completed.spec_content @@ -22,7 +22,7 @@ spec: allocateNodeCIDRs: false clusterName: minimal-ipv6.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,8 +31,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -81,10 +81,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: - fd00:ec2::253 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index cccab2c234..3089f7d99c 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -43,7 +43,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content index b1091896c9..676623b59b 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 789e163f90e57004cbe9f1ceffea4e30cda69da2e60bc05623404d85fa098bed + manifestHash: c0e588106cb050f6e2e8b10082da29b67937142de68a58f5d28d611169263131 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -106,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: deacc9b38bf6a0e9e88d9e9ca241948e85f05f4a2dd396461cde5fc60ab67e39 + manifestHash: a26b686d2e5ed0161da6ff083a66024102cd57a5ceb6471155fe814e16ed9710 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 0bbb7b366b..7f92a8042c 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd..0000000000 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index f14cae1b25..9453566332 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -240,19 +239,13 @@ ControlPlaneConfig: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: ::/0 serviceClusterIPRange: fd00:5e4f:ce::/108 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-nodes_content index d21db8daff..62be24183b 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -25,7 +27,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: ::/0 serviceClusterIPRange: fd00:5e4f:ce::/108 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-ipv6/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-ipv6/in-v1alpha2.yaml index fea43fa064..bc1af812c4 100644 --- a/tests/integration/update_cluster/minimal-ipv6/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-ipv6/in-v1alpha2.yaml @@ -30,7 +30,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-ipv6.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-ipv6/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6/kubernetes.tf index 4f61fdbdf9..000b4816d8 100644 --- a/tests/integration/update_cluster/minimal-ipv6/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-ipv6/kubernetes.tf @@ -483,7 +483,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -565,7 +565,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -925,14 +925,6 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-kubelet-api-rbac-addon server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-ipv6-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal-ipv6.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_master-us-test-1a.masters.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_master-us-test-1a.masters.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data index b63b6a1198..3d00fbbd50 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_master-us-test-1a.masters.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_master-us-test-1a.masters.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: this.is.truly.a.really.really.long.cluster-name.minimal.example.com ConfigBase: memfs://clusters.example.com/this.is.truly.a.really.really.long.cluster-name.minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: qcSUmBJo/LvEHNX5vheCF49ka0v8T6bXchwApwa0DQ0= +NodeupConfigHash: 2186QYJn5i1QIRdd05cwDuo3sZxzXeOJHH9YR7IwLRE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_nodes.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data b/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_nodes.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data index e0568165b0..2dd6572717 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_nodes.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_launch_template_nodes.this.is.truly.a.really.really.long.cluster-name.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.this.is.truly.a.really.really.long.cluster-name.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: mZGNNPBrUT1otbC/jFcujflBbrr68qsaGQjG9+4GuqQ= +NodeupConfigHash: l+Zy9NxrPG9WmcrS+UuxeLogJrfxGXJfgarBwtQnA7c= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_cluster-completed.spec_content index 004c60ee98..6975f3d220 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: this.is.truly.a.really.really.long.cluster-name.minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -75,10 +75,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -104,10 +101,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: this.is.truly.a.really.really.long.cluster-name.minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -129,13 +123,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -147,9 +138,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -160,7 +148,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: cgroupDriver: systemd cgroupRoot: / @@ -169,9 +157,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 8e4d932005..45729eaade 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: this.is.truly.a.really.really.long.cluster-name.minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/this.is.truly.a.really.really.long.cluster-name.minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/this.is.truly.a.really.really.long.cluster-name.minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-nodes_content index afcffe7b52..930df11dbe 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: cgroupDriver: systemd @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index db56fcc591..d0ce95d7ff 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-bootstrap_content index b5bb2530c1..231a485bd9 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 8bc68a524682aa6365afc7d00909e6144c43d47bbe9dc21fcd7c552d0ac16d1b + manifestHash: 51c2b4201b12060324c0fe4ecf477f8ed9330ad3540272fecb3ca4199252e441 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: dc6e4f6936c9db28b65d3f333a4edd9ccdbc0c648d9e7f09087b4cf2d11db52e + manifestHash: 40c78faccab6e1a5895bbc737faeb0d315405dc398bc7a27ad6632de3265cdc5 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 3637a838a8..fa39e2a93d 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_s3_object_this.is.truly.a.really.really.long.cluster-name.minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-longclustername/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-longclustername/in-v1alpha2.yaml index 41cde758a2..54a5774b58 100644 --- a/tests/integration/update_cluster/minimal-longclustername/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-longclustername/in-v1alpha2.yaml @@ -18,7 +18,7 @@ spec: - instanceGroup: master-us-test-1a name: us-test-1a name: events - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.this.is.truly.a.really.really.long.cluster-name.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-longclustername/kubernetes.tf b/tests/integration/update_cluster/minimal-longclustername/kubernetes.tf index 88a20a2be1..8da4e7e010 100644 --- a/tests/integration/update_cluster/minimal-longclustername/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-longclustername/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-this-is-truly-a-really http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-this-is-truly-a-really-really-long-cluster http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_master-us-test-1a.masters.minimal-warmpool.example.com_user_data b/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_master-us-test-1a.masters.minimal-warmpool.example.com_user_data index 2cd4b56ffc..08c34b8935 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_master-us-test-1a.masters.minimal-warmpool.example.com_user_data +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_master-us-test-1a.masters.minimal-warmpool.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-warmpool.example.com ConfigBase: memfs://clusters.example.com/minimal-warmpool.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: UYjSJkNykwwRpBdeZECbSgxgjaxqCPoK2Ee2Hthdp2s= +NodeupConfigHash: YLdutMBZQUxqRbdUIHPeIpbPlVuHaSCdhxbqLT6LgpM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_nodes.minimal-warmpool.example.com_user_data b/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_nodes.minimal-warmpool.example.com_user_data index 9bda4f6914..0356008510 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_nodes.minimal-warmpool.example.com_user_data +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_launch_template_nodes.minimal-warmpool.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-warmpool.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: OEGyrjkH73KIYbkYHitZKm3GmJgsOg+tgdhZNH+Lq/g= +NodeupConfigHash: 7ycbTcuEmk3sdJttHVwWGwlO+e4cW1GXHFmLWgA0VLA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_cluster-completed.spec_content index f1d4a76d1b..8998336107 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-warmpool.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-warmpool.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 868c50574a..d00e462875 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-bootstrap_content index 262399b27a..7d77853225 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: bcd0fe39232586a3a28883fb0d6aa410c10eeeffdc81073184bea589dc72ec06 + manifestHash: 2271862ea5b0505184ba5073673a77500f3362b1cc65946ef77ff5c0e13ba886 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -107,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: b2cee6598a435f704f6f1d3282208769d5baaf21d5fe371c5f1ad678a8f049c6 + manifestHash: b44967f0bd287a1edb4f4ba8a53d04c0b7a495a19870dec87dfde5b8dc69d950 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index e30040c555..f36e4d248a 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_minimal-warmpool.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 96f2556e1a..afc6ff52cd 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,19 +56,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -237,19 +236,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-warmpool.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -279,7 +272,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -290,9 +283,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -307,7 +297,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -321,8 +311,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-warmpool.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-warmpool.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-nodes_content index aa3ca3f63a..2f278419bc 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -24,7 +26,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -35,9 +37,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -48,7 +47,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -57,12 +56,12 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false warmPoolImages: - quay.io/cilium/cilium:v1.16.3 - quay.io/cilium/operator:v1.16.3 -- registry.k8s.io/kube-proxy:v1.26.0 -- registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 +- registry.k8s.io/kube-proxy:v1.32.0 +- registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 diff --git a/tests/integration/update_cluster/minimal-warmpool/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-warmpool/in-v1alpha2.yaml index 60d37beba7..6b59c90e68 100644 --- a/tests/integration/update_cluster/minimal-warmpool/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-warmpool/in-v1alpha2.yaml @@ -24,7 +24,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-warmpool.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf b/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf index ab67a1a2e4..90d0f8f086 100644 --- a/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-warmpool/kubernetes.tf @@ -432,7 +432,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-warmpool-examp http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -514,7 +514,7 @@ resource "aws_launch_template" "nodes-minimal-warmpool-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_cluster-completed.spec_content index 6ba20b7eed..6b60b48a88 100644 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_cluster-completed.spec_content @@ -32,8 +32,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -86,7 +86,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,7 +112,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -134,10 +134,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -162,7 +162,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content index 2b64e4d1b9..c9db50f050 100644 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 94af249575dd6ac4881fc5effc276f5968ad22e7aa30e7795f826125af89f004 + manifestHash: bab666538683ef3e9156a91ee2b50a83247d9c721bf3921854cde6e323f82120 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 563ea6c4b61247cbba3dc624b378a56dfdb2f887a39592f15ba1589b540b6487 diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index b77f999a2b..b068e9f709 100644 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb88..0000000000 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index e78491b817..feb6b8aac4 100644 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -26,7 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -56,23 +56,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,13 +240,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-nodes_content index 0380424aaa..edb80720a9 100644 --- a/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data index 91e451f105..23fea7c6eb 100644 --- a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal-gce.example.com ConfigBase: memfs://tests/minimal-gce.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: O9tu/2iDdoASFC6EdHiW9OKceGx8gSFxvTjY7vsCCvU= +NodeupConfigHash: K+CCk17XKAjQWjfjsWn6WGGIkF1uWn+HJOuoXw9eiQw= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data index 7a3996bd54..3510b4bef4 100644 --- a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: emPV8sG3SHlriMIH1NlrMPlYehZK5TolODtla26tqiQ= +NodeupConfigHash: MW1iIpx9cHdrKiMBA3xhg3dFxrhNHBNsG2nvo8MyYxE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce/in-v1alpha2.yaml index bc787ee2b7..9a49973323 100644 --- a/tests/integration/update_cluster/minimal_gce/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce/in-v1alpha2.yaml @@ -33,7 +33,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce/kubernetes.tf b/tests/integration/update_cluster/minimal_gce/kubernetes.tf index 9ac73da127..379bb5ec5b 100644 --- a/tests/integration/update_cluster/minimal_gce/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce/kubernetes.tf @@ -146,14 +146,6 @@ resource "aws_s3_object" "minimal-gce-example-com-addons-limit-range-addons-k8s- server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_cluster-completed.spec_content index 2b46837e92..b39802142f 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_cluster-completed.spec_content @@ -35,8 +35,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdClusters: - backups: backupStore: memfs://tests/minimal-gce.example.com/backups/etcd/main @@ -86,7 +86,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,7 +112,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -134,10 +134,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -162,7 +162,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content index bc05b7b710..6242cd1579 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 94af249575dd6ac4881fc5effc276f5968ad22e7aa30e7795f826125af89f004 + manifestHash: bab666538683ef3e9156a91ee2b50a83247d9c721bf3921854cde6e323f82120 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -46,13 +46,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 563ea6c4b61247cbba3dc624b378a56dfdb2f887a39592f15ba1589b540b6487 diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index b77f999a2b..b068e9f709 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb88..0000000000 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index ccab43209d..bb8e9f7e49 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -27,7 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -57,23 +57,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,13 +241,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-nodes_content index f77c26cc8f..ea0f6f892d 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data index 0fee7ceadc..e12b65dfec 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal-gce.example.com ConfigBase: memfs://tests/minimal-gce.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: g3lbZ2msG5Qi/tRbnnSJIxvRRE+OhMNTnAKs7j+WYcw= +NodeupConfigHash: POh0filk5Vhg0c+KrR4A0aJUNWTPuihZZ2iAhbaPQOc= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data index 75578c2b13..f37116d1b4 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_dns-none/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 1LDWa09+EGR84CsX3FydIqktkubxAnR04RQ78kKN2GU= +NodeupConfigHash: 9e5fkQL5EUHHU6UQmI7rxTmgvpaF8UDn2fjI3KK9VA4= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce_dns-none/in-v1alpha2.yaml index 1a944aa628..91a11c16c5 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce_dns-none/in-v1alpha2.yaml @@ -35,7 +35,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce_dns-none/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_dns-none/kubernetes.tf index cc3d4c8dd0..703e3ec6d5 100644 --- a/tests/integration/update_cluster/minimal_gce_dns-none/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce_dns-none/kubernetes.tf @@ -138,14 +138,6 @@ resource "aws_s3_object" "minimal-gce-example-com-addons-limit-range-addons-k8s- server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_cluster-completed.spec_content index 6b740d8953..6121fb9f76 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_cluster-completed.spec_content @@ -36,8 +36,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -90,7 +90,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -116,7 +116,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-ilb.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,10 +138,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -166,7 +166,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-bootstrap_content index e582449c1b..6bd1f6b44d 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: a08d1f57edf3ef9bf36c281f1bac0d71282f6ca528e320a376b5e101fb3b41ca + manifestHash: e8b8a7fe78fa5344d98abb1dca050ba176cc4f19f0fd34955d92f614b01c8428 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 9be551d87a138c931e1e39fa4445fee18fe5ca495cf6229fb104001abd35fd93 diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 33ee0fea1d..96452c2abe 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb88..0000000000 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_minimal-gce-ilb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index 66c3431f7a..c1f54ca016 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -27,7 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -57,23 +57,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,13 +241,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-ilb.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -276,7 +278,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -302,7 +304,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -315,8 +317,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce-ilb.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce-ilb.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-nodes_content index b3d9912a19..4f0f48d1e3 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-ilb-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-ilb-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-ilb-example-com_metadata_user-data index bc971edc32..2efce4add7 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-ilb-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-ilb-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal-gce-ilb.example.com ConfigBase: memfs://tests/minimal-gce-ilb.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: ERHgdvtfxh08HlZRThisFOedfB22qTVYoSvCMWvq2XM= +NodeupConfigHash: yU5wvUuN/aVpg2hI1PBZ5WwFylekK+SIijvUfSCVWAg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_nodes-minimal-gce-ilb-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_nodes-minimal-gce-ilb-example-com_metadata_user-data index 72964cca8e..bd20d5037d 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_nodes-minimal-gce-ilb-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_ilb/data/google_compute_instance_template_nodes-minimal-gce-ilb-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce-ilb.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: jaPx50wdtO/EC22RG/03R8UBFG7PqWBU9HYSnpUuvxI= +NodeupConfigHash: e9vNXFw9nt4AlZmXXK6rTA7soNyFIhsUapR7fmtHQik= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_ilb/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce_ilb/in-v1alpha2.yaml index 03730cd381..e54f61437e 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce_ilb/in-v1alpha2.yaml @@ -37,7 +37,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce-ilb.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce_ilb/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_ilb/kubernetes.tf index 475208f005..5db29650dd 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce_ilb/kubernetes.tf @@ -146,14 +146,6 @@ resource "aws_s3_object" "minimal-gce-ilb-example-com-addons-limit-range-addons- server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-ilb-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce-ilb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce-ilb.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-ilb-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce-ilb.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_cluster-completed.spec_content index eb8a41dcaf..1b4c297ffe 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_cluster-completed.spec_content @@ -36,8 +36,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -90,7 +90,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -116,7 +116,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-with-a-very-very-very-very-very-long-name.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,10 +138,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -166,7 +166,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content index 75657e35e7..e150c95e54 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: be6bde6948c1b30105d9e2fb5271c6c7bd1ce9d944bdeba1b5b138308e5d1eb2 + manifestHash: e5eb1e384edb9b6c10b648a16abf3d9093341d3f5a2d3173645549da87b3c210 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 5c1d2b26f8a2d8f8b622381cdc06b34be87be9a5d0dd5764a248b28809621824 diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 71fc74e07a..afd90e5bd2 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb88..0000000000 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index bccb690d5e..bb7975955a 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -27,7 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -57,23 +57,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,13 +241,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-with-a-very-very-very-very-very-long-name.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -276,7 +278,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -302,7 +304,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -315,8 +317,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-nodes_content index 981b042737..808c4c601b 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-with-a-very-very-very-very--96dqvi-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data index 3357958a0b..9118f83705 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal-gce-with-a-very-very-very-very-very-long-name.example.com ConfigBase: memfs://tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: ntCCGf3auTvGV21zZtxErvZvsmLkPR/pk72hnWrTEt8= +NodeupConfigHash: MHsWGporS0eStGhki/GoFWMMqe/ttkgCpe8fDm0HQLE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data index 531ed1e7f9..ecb2d433cf 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce-with-a-very-very-very-very-very-long-name.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: RSxWbov23GXcHlonmVB7hQJIBHA/NQ7AF+8uXL2dDHE= +NodeupConfigHash: Zi/PuT9mqIddvOv4O/TU6uo1jMR9PzKWd4dsg9PRtW0= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/in-v1alpha2.yaml index 1584482baa..5c17a438d9 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/in-v1alpha2.yaml @@ -37,7 +37,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce-with-a-very-very-very-very-very-long-name.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/kubernetes.tf index 941c232a4b..59b5fa4fc0 100644 --- a/tests/integration/update_cluster/minimal_gce_ilb_longclustername/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce_ilb_longclustername/kubernetes.tf @@ -146,14 +146,6 @@ resource "aws_s3_object" "minimal-gce-with-a-very-very-very-very-very-long-name- server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-with-a-very-very-very-very-very-long-name-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-with-a-very-very-very-very-very-long-name-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_cluster-completed.spec_content index 07e8b9c149..924019e983 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_cluster-completed.spec_content @@ -33,8 +33,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -87,7 +87,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -113,7 +113,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-with-a-very-very-very-very-very-long-name.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -135,10 +135,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -163,7 +163,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content index 75657e35e7..e150c95e54 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: be6bde6948c1b30105d9e2fb5271c6c7bd1ce9d944bdeba1b5b138308e5d1eb2 + manifestHash: e5eb1e384edb9b6c10b648a16abf3d9093341d3f5a2d3173645549da87b3c210 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 5c1d2b26f8a2d8f8b622381cdc06b34be87be9a5d0dd5764a248b28809621824 diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 71fc74e07a..afd90e5bd2 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb88..0000000000 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index 1fab5f0bdf..0aeb7cd2d3 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -26,7 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -56,23 +56,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,13 +240,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-with-a-very-very-very-very-very-long-name.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-nodes_content index 981b042737..808c4c601b 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-with-a-very-very-very-very--96dqvi-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script b/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script index 829e4a5727..5ee065143e 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_master-us-test1-a-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script @@ -129,7 +129,7 @@ ClusterName: minimal-gce-with-a-very-very-very-very-very-long-name.example.com ConfigBase: memfs://tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: 8dGDbo1++ryciF3GssUscURJAcitPNJMTAqnXWTFwkw= +NodeupConfigHash: rkOyOCBIQAwF/Kfs7pBoqDPelKjhVDB4wXihs7cnGFo= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script b/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script index 531ed1e7f9..ecb2d433cf 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/minimal_gce_longclustername/data/google_compute_instance_template_nodes-minimal-gce-with-a-very-very-very-very-very-long-name-example-com_metadata_startup-script @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce-with-a-very-very-very-very-very-long-name.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: RSxWbov23GXcHlonmVB7hQJIBHA/NQ7AF+8uXL2dDHE= +NodeupConfigHash: Zi/PuT9mqIddvOv4O/TU6uo1jMR9PzKWd4dsg9PRtW0= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce_longclustername/in-v1alpha2.yaml index fd6435d02b..db73883565 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce_longclustername/in-v1alpha2.yaml @@ -34,7 +34,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce-with-a-very-very-very-very-very-long-name.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce_longclustername/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_longclustername/kubernetes.tf index aa970607c4..9db8fb701d 100644 --- a/tests/integration/update_cluster/minimal_gce_longclustername/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce_longclustername/kubernetes.tf @@ -146,14 +146,6 @@ resource "aws_s3_object" "minimal-gce-with-a-very-very-very-very-very-long-name- server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-with-a-very-very-very-very-very-long-name-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce-with-a-very-very-very-very-very-long-name.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-with-a-very-very-very-very-very-long-name-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce-with-a-very-very-very-very-very-long-name.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_cluster-completed.spec_content index eb7f538a78..8bd867e00e 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_cluster-completed.spec_content @@ -36,8 +36,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -90,7 +90,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -116,7 +116,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-plb.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,10 +138,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -166,7 +166,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-bootstrap_content index dbedd24be7..d09d30df4e 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: cb2042cc730fc9ba1ddd8bb8e129595fa5fae10616cc582d7baf55c3d97ca919 + manifestHash: b4bdd8d3227a9503736b3edc11e9cdeb2a517071cf40dfc33ff3c1b05c11f440 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: ce85b344b9411208fd901c7699027cbffa4d1eb478c81acc44a1133acd01bda8 diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 2135b0074b..fd390b1fde 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb88..0000000000 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_minimal-gce-plb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index f1a2924ed8..3f9b863389 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -27,7 +27,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -57,23 +57,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,13 +241,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-plb.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -276,7 +278,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -302,7 +304,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -315,8 +317,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce-plb.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce-plb.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-nodes_content index 1198682d93..1d2e5ac240 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce_plb/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-plb-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-plb-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-plb-example-com_metadata_user-data index 094d3a07f5..3186350d9d 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-plb-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_master-us-test1-a-minimal-gce-plb-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal-gce-plb.example.com ConfigBase: memfs://tests/minimal-gce-plb.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: cMvFpky7SE6GqYpstTl1EMO4nqxjXsVkbHkwaHxQOok= +NodeupConfigHash: bSq0XflQ+1NhZ7ZIvikumMdUQctJAXaSh9ilLamHQ9g= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_nodes-minimal-gce-plb-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_nodes-minimal-gce-plb-example-com_metadata_user-data index bdb090eed6..9901f483d0 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_nodes-minimal-gce-plb-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_plb/data/google_compute_instance_template_nodes-minimal-gce-plb-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce-plb.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: n46+NMNgKnsSWAzTAwZ4FmqGUsbq3LrE60DdxHex7uU= +NodeupConfigHash: hgu5zxYrK6W/htHSltpil7PwCcnHE25+W29vjUzX2To= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_plb/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce_plb/in-v1alpha2.yaml index a76f8c84be..5802a1115d 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce_plb/in-v1alpha2.yaml @@ -37,7 +37,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce-plb.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce_plb/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_plb/kubernetes.tf index 6d958cd08f..9b20456175 100644 --- a/tests/integration/update_cluster/minimal_gce_plb/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce_plb/kubernetes.tf @@ -146,14 +146,6 @@ resource "aws_s3_object" "minimal-gce-plb-example-com-addons-limit-range-addons- server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-plb-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce-plb.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce-plb.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-plb-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce-plb.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_cluster-completed.spec_content index 4d9c881583..6a27376f9b 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_cluster-completed.spec_content @@ -32,8 +32,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: "1" etcdClusters: - backups: @@ -86,7 +86,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,7 +112,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-private.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -134,10 +134,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -162,7 +162,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-bootstrap_content index ed4718e2f4..79ab19082e 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 376e1d95ed850db18e59b87559ac3b32e514b4f8393a73c0f6d013d502a027bc + manifestHash: ceac0a6de9763682a46522545e24d3f898ecb31cb64443cb4c88e5354cc0d2c1 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -53,13 +53,6 @@ spec: selector: k8s-addon: gcp-pd-csi-driver.addons.k8s.io version: 9.99.0 - - id: v0.1.12 - manifest: metadata-proxy.addons.k8s.io/v0.1.12.yaml - manifestHash: 5b18a0e4a56168a792e1366d4bd57fe7c232a0e78baf91241ba61ffcbeb79bf5 - name: metadata-proxy.addons.k8s.io - selector: - k8s-addon: metadata-proxy.addons.k8s.io - version: 9.99.0 - id: k8s-1.23 manifest: gcp-cloud-controller.addons.k8s.io/k8s-1.23.yaml manifestHash: 15b18fbb8f418b530f48d2a8b9d1318f6f7b5c4df12e5d5179ec21f57842e06c diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 3f74ac6a2a..84794d2b57 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content deleted file mode 100644 index 9b2daafb88..0000000000 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_minimal-gce-private.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content +++ /dev/null @@ -1,127 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - name: metadata-proxy - namespace: kube-system - ---- - -apiVersion: apps/v1 -kind: DaemonSet -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: metadata-proxy.addons.k8s.io - addonmanager.kubernetes.io/mode: Reconcile - app.kubernetes.io/managed-by: kops - k8s-addon: metadata-proxy.addons.k8s.io - k8s-app: metadata-proxy - kubernetes.io/cluster-service: "true" - version: v0.12 - name: metadata-proxy-v0.12 - namespace: kube-system -spec: - selector: - matchLabels: - k8s-app: metadata-proxy - version: v0.12 - template: - metadata: - creationTimestamp: null - labels: - k8s-app: metadata-proxy - kops.k8s.io/managed-by: kops - kubernetes.io/cluster-service: "true" - version: v0.12 - spec: - containers: - - args: - - -addr=169.254.169.252:988 - image: registry.k8s.io/metadata-proxy:v0.1.12 - name: metadata-proxy - resources: - limits: - cpu: 30m - memory: 25Mi - requests: - cpu: 30m - memory: 25Mi - securityContext: - privileged: true - - command: - - /monitor - - --stackdriver-prefix=custom.googleapis.com/addons - - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count - - --pod-id=$(POD_NAME) - - --namespace-id=$(POD_NAMESPACE) - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/prometheus-to-sd:v0.5.0 - name: prometheus-to-sd-exporter - resources: - limits: - cpu: 2m - memory: 20Mi - requests: - cpu: 2m - memory: 20Mi - dnsPolicy: Default - hostNetwork: true - initContainers: - - command: - - /bin/sh - - -c - - | - set -e - set -x - - if (ip link show ens4); then - PRIMARY_DEV=ens4 - else - PRIMARY_DEV=eth0 - fi - - ip addr add dev lo 169.254.169.252/32 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 80 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:988 - iptables -w -t nat -I PREROUTING -p tcp -d 169.254.169.254 ! -i "${PRIMARY_DEV}" --dport 8080 -m comment --comment "metadata-concealment: bridge traffic to metadata server goes to metadata proxy" -j DNAT --to-destination 169.254.169.252:987 - image: registry.k8s.io/k8s-custom-iptables:1.0 - imagePullPolicy: Always - name: update-ipdtables - securityContext: - privileged: true - volumeMounts: - - mountPath: /host - name: host - nodeSelector: - cloud.google.com/metadata-proxy-ready: "true" - kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: metadata-proxy - terminationGracePeriodSeconds: 30 - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - hostPath: - path: / - type: Directory - name: host - updateStrategy: - type: RollingUpdate diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-master-us-test1-a_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-master-us-test1-a_content index b25c75bf2f..0bda2d02b2 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-master-us-test1-a_content +++ b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-master-us-test1-a_content @@ -26,7 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -56,23 +56,25 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,13 +240,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal-gce-private.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -275,7 +277,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -301,7 +303,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -314,8 +316,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal-gce-private.example.com/manifests/etcd/main-master-us-test1-a.yaml - memfs://tests/minimal-gce-private.example.com/manifests/etcd/events-master-us-test1-a.yaml diff --git a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-nodes_content index 9d2769637e..4a1d228c7f 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gce_private/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 63357fad748af9065e09517628072960775a9145cc8853f2e30abcfa9eaab73d@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/mounter - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - eca252d94176f8e08084433d08cd478c28cba7b773b49d691f1bec0f1e94e7d1@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/mounter + - 827d558953d861b81a35c3b599191a73f53c1f63bce42c61e7a3fee21a717a89@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-amd64/v20231005-providersv0.27.1-65-g8fbe8d27 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - f534c82bac121907300e0ac7c540cc3ab63c461763a8906e002edc867b6f80b6@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/mounter - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - ee06cd4a0e8428a3cced77f4f7db836138c589e8e4bf46f0c676f8ff4b54b942@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/mounter + - f1617c0ef77f3718e12a3efc6f650375d5b5e96eebdbcbad3e465e89e781bdfa@https://storage.googleapis.com/k8s-staging-cloud-provider-gcp/auth-provider-gcp/linux-arm64/v20231005-providersv0.27.1-65-g8fbe8d27 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -28,7 +30,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -50,7 +52,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,8 +60,8 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 multizone: true nodeTags: minimal-gce-private-example-com-k8s-io-role-node usesLegacyGossip: false diff --git a/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_user-data index 68df162bc9..022bac5b51 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_user-data @@ -129,7 +129,7 @@ ClusterName: minimal-gce-private.example.com ConfigBase: memfs://tests/minimal-gce-private.example.com InstanceGroupName: master-us-test1-a InstanceGroupRole: ControlPlane -NodeupConfigHash: 25JqlKAyvQpNHMyAdgrkJGYzL54PDRF+W7ofoCy2UEQ= +NodeupConfigHash: 2W+XilJCh23/tEtVBfEB1Z5/2Pg69yXFrpNDEjlwPeA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_user-data b/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_user-data index 46eaeee0cd..42dc9864b5 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_user-data +++ b/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_user-data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal-gce-private.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: jdtCRQpZcUE7NAr+awSy4plnkvNEbJsGAXcu1gs+R60= +NodeupConfigHash: cmz4fmfWOw9OLWklxIdNug3vPAtkm8dP1ajNRltVmAA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gce_private/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gce_private/in-v1alpha2.yaml index f944d2b849..42798ae7c3 100644 --- a/tests/integration/update_cluster/minimal_gce_private/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gce_private/in-v1alpha2.yaml @@ -33,7 +33,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-gce-private.example.com networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_gce_private/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_private/kubernetes.tf index 0cf892031a..595e87d7df 100644 --- a/tests/integration/update_cluster/minimal_gce_private/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce_private/kubernetes.tf @@ -146,14 +146,6 @@ resource "aws_s3_object" "minimal-gce-private-example-com-addons-limit-range-add server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-gce-private-example-com-addons-metadata-proxy-addons-k8s-io-v0-1-12" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-gce-private.example.com-addons-metadata-proxy.addons.k8s.io-v0.1.12_content") - key = "tests/minimal-gce-private.example.com/addons/metadata-proxy.addons.k8s.io/v0.1.12.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-gce-private-example-com-addons-storage-gce-addons-k8s-io-v1-7-0" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-gce-private.example.com-addons-storage-gce.addons.k8s.io-v1.7.0_content") diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data b/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data index 50e8b5eb97..e4365ca183 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.k8s.local ConfigBase: memfs://clusters.example.com/minimal.k8s.local InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: TI5eMxNyhKrfisxHTrT5oYfsMM+J1iX2X2eW9XyvkMQ= +NodeupConfigHash: VjETiw+kdBXCLWgMo9Zr9EIASW6kRfDa/tM+SxuoE/U= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_nodes.minimal.k8s.local_user_data b/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_nodes.minimal.k8s.local_user_data index cf9e33d752..ca5d7cdfff 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_nodes.minimal.k8s.local_user_data +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_launch_template_nodes.minimal.k8s.local_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.k8s.local ConfigBase: memfs://clusters.example.com/minimal.k8s.local InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: ZTRdjUy+OLqcnvm10a8bguUGVvt8Fp8D/29mSoUyJqw= +NodeupConfigHash: GKtAwTyeNzGY8RjLsNnZ9Rgtvamc7XWvbKhg9TCNneU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_cluster-completed.spec_content index ebf0b180a6..ea34f05ac8 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.k8s.local configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdClusters: - backups: backupStore: memfs://clusters.example.com/minimal.k8s.local/backups/etcd/main @@ -76,10 +76,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -105,10 +102,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.k8s.local configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -130,13 +124,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -149,9 +140,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -162,7 +150,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -172,9 +160,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index f92127e4c5..cdcefb184d 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content index e206243c61..8bf1ce0de7 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 2e44cc45663c696e3888edb07a95f7b1b89479e747c0d0aa8a70cb62458eb1cc + manifestHash: 3d43bbb1bfce77cde72a78473f6f286dab501186e3791f0107839c344e42dd5c name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: dd1a636ea1ba98126c61c82fcbd59a9b7cf631653cdb7f2476d59e66fc4e7f52 + manifestHash: 70fa5f93d9b6f66c8eccd368e48a047faad48479d107889e3afa1d8a543ec7f3 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content index a235b5b10c..2a18adbbcd 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 4780b3266a..3b78ff57a8 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.k8s.local configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.k8s.local/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.k8s.local/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-nodes_content index 1a0bae6e7a..e7922fa31a 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -51,7 +53,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -62,9 +64,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -75,7 +74,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -88,7 +87,7 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: true usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal_gossip/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gossip/in-v1alpha2.yaml index 8a5eb8b441..5c9f55f4d2 100644 --- a/tests/integration/update_cluster/minimal_gossip/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gossip/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.k8s.local networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal_gossip/kubernetes.tf b/tests/integration/update_cluster/minimal_gossip/kubernetes.tf index f65453cc5a..f7b224ed42 100644 --- a/tests/integration/update_cluster/minimal_gossip/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gossip/kubernetes.tf @@ -420,7 +420,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-k8s-local" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -502,7 +502,7 @@ resource "aws_launch_template" "nodes-minimal-k8s-local" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data index 504a66182e..51810bae31 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_master-us-test-1a.masters.minimal.k8s.local_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.k8s.local ConfigBase: memfs://clusters.example.com/minimal.k8s.local InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: slfpGg/g0a7ExmKM9pyK7wB5ZtlvwdzXOHMWBk6Unsw= +NodeupConfigHash: 8/oRkufuNgAGUF4/WzJGd+m9+ATP9rsRG+mJ1w7GeMA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_nodes.minimal.k8s.local_user_data b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_nodes.minimal.k8s.local_user_data index cf9e33d752..ca5d7cdfff 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_nodes.minimal.k8s.local_user_data +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_launch_template_nodes.minimal.k8s.local_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.k8s.local ConfigBase: memfs://clusters.example.com/minimal.k8s.local InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: ZTRdjUy+OLqcnvm10a8bguUGVvt8Fp8D/29mSoUyJqw= +NodeupConfigHash: GKtAwTyeNzGY8RjLsNnZ9Rgtvamc7XWvbKhg9TCNneU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_cluster-completed.spec_content index 2d8388c8d6..29956926fc 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.k8s.local configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdClusters: - backups: backupStore: memfs://clusters.example.com/minimal.k8s.local/backups/etcd/main @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.k8s.local configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 63ba8638c2..ab356b1712 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -48,7 +48,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.minimal.k8s.local - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content index 3427680b2d..a9e545112c 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 2e44cc45663c696e3888edb07a95f7b1b89479e747c0d0aa8a70cb62458eb1cc + manifestHash: 3d43bbb1bfce77cde72a78473f6f286dab501186e3791f0107839c344e42dd5c name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: db394d59628b7662f656743679422a8120a6fddf69a0396a3344be902a34ef59 + manifestHash: 44a0c921fee991e75fef9c4fa03c9409c883449204358ef1e004d8ba883a104a name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content index a235b5b10c..2a18adbbcd 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 498770271b..5b2b1b2efa 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.k8s.local configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.k8s.local/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.k8s.local/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-nodes_content index 1a0bae6e7a..e7922fa31a 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,20 +1,22 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -51,7 +53,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -62,9 +64,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -75,7 +74,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -88,7 +87,7 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: true usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_gossip_irsa/in-v1alpha2.yaml index 859b4b84b6..8ea973082b 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_gossip_irsa/in-v1alpha2.yaml @@ -22,7 +22,7 @@ spec: useServiceAccountExternalPermissions: true kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.k8s.local networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/kubernetes.tf b/tests/integration/update_cluster/minimal_gossip_irsa/kubernetes.tf index cb0ef02059..184cc6c107 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gossip_irsa/kubernetes.tf @@ -525,7 +525,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-k8s-local" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -607,7 +607,7 @@ resource "aws_launch_template" "nodes-minimal-k8s-local" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_cluster-completed.spec_content index c34b013cbf..b2d7f3ec97 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_cluster-completed.spec_content @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdClusters: - backups: backupStore: memfs://tests/minimal.example.com/backups/etcd/main @@ -79,7 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -105,7 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -127,10 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -154,7 +154,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 9a41577bea..e788e50243 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 6da4532fe87aaaf142b30d133efa28ed013f8e1fcfa5156dcf1698bbf1849777 + manifestHash: 8b31eb8c878b14e96cc5c607a8bee33c844994241f7263d2a01188f6b619ee91 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index ac9c3a97b0..be97f09c52 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -65,6 +65,8 @@ spec: value: 127.0.0.1 - name: HCLOUD_TOKEN value: REDACTED + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-master-fsn1_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-master-fsn1_content index 089cac039d..dbaf8323d5 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-master-fsn1_content +++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-master-fsn1_content @@ -24,7 +24,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -54,21 +54,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -234,13 +234,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -270,7 +270,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -295,7 +295,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -308,8 +308,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/minimal.example.com/manifests/etcd/main-master-fsn1.yaml - memfs://tests/minimal.example.com/manifests/etcd/events-master-fsn1.yaml diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-nodes-fsn1_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-nodes-fsn1_content index 3f72596da3..e08a62c2ae 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-nodes-fsn1_content +++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_nodeupconfig-nodes-fsn1_content @@ -1,18 +1,18 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +26,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -47,7 +47,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -55,7 +55,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: true diff --git a/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_master-fsn1_user_data b/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_master-fsn1_user_data index a2109608d9..9848ec4265 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_master-fsn1_user_data +++ b/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_master-fsn1_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://tests/minimal.example.com InstanceGroupName: master-fsn1 InstanceGroupRole: ControlPlane -NodeupConfigHash: NniKBUB1ksKZGJzTZbW+SNwU0G5L/tUFFWM4rYtyfZU= +NodeupConfigHash: WoFnfIlUY0BSqrFvYdqON0WCFZe2xzPUCkXB/pujCus= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_nodes-fsn1_user_data b/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_nodes-fsn1_user_data index a216d553fa..751f6b66c8 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_nodes-fsn1_user_data +++ b/tests/integration/update_cluster/minimal_hetzner/data/hcloud_server_nodes-fsn1_user_data @@ -152,7 +152,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes-fsn1 InstanceGroupRole: Node -NodeupConfigHash: jn9Uny1kv6x28Z1EVFTV46RQzoBqAB0JCFiYRktMYRo= +NodeupConfigHash: xALsm+NMuz/GrG+SXl/JriIFTV+AaSenxXbwQTqEtB0= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_hetzner/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_hetzner/in-v1alpha2.yaml index 6805f2d3b8..0d3a898ad8 100644 --- a/tests/integration/update_cluster/minimal_hetzner/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_hetzner/in-v1alpha2.yaml @@ -33,7 +33,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 networkCIDR: 10.0.0.0/16 networking: cni: {} diff --git a/tests/integration/update_cluster/minimal_openstack/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_openstack/in-v1alpha2.yaml index 0ca2331f4a..c79de6ad50 100644 --- a/tests/integration/update_cluster/minimal_openstack/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_openstack/in-v1alpha2.yaml @@ -29,7 +29,7 @@ spec: anonymousAuth: false kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 networking: cni: {} networkCIDR: 192.168.0.0/16 diff --git a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_cluster-completed.spec_content index 0559d842db..36c33ef4aa 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_cluster-completed.spec_content @@ -18,8 +18,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdClusters: - backups: backupStore: memfs://tests/scw-minimal.k8s.local/backups/etcd/main @@ -72,7 +72,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.25.5 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -98,7 +98,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: scw-minimal.k8s.local configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.25.5 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -121,10 +121,10 @@ spec: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m enabled: false - image: registry.k8s.io/kube-proxy:v1.25.5 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.25.5 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -148,7 +148,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.5 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd diff --git a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-control-plane-fr-par-1_content b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-control-plane-fr-par-1_content index 09cdc1a551..0f6b1a2e12 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-control-plane-fr-par-1_content +++ b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-control-plane-fr-par-1_content @@ -24,7 +24,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.25.5 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -54,19 +54,19 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 16b23e1254830805b892cfccf2687eb3edb4ea54ffbadb8cc2eee6d3b1fab8e6@https://dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubelet - - 6a660cd44db3d4bfe1563f6689cbe2ffb28ee4baf3532e04fff2d7b909081c29@https://dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 18aa53ff59740a11504218905b51b29cc78fb8b5dd818a619141afa9dafb8f5a@https://dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubelet - - 7bc650f28a5b4436df2abcfae5905e461728ba416146beac17a2634fa82a6f0a@https://dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -232,13 +232,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: scw-minimal.k8s.local configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.25.5 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.25.5 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -288,7 +288,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.5 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -302,8 +302,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://tests/scw-minimal.k8s.local/manifests/etcd/main-control-plane-fr-par-1.yaml - memfs://tests/scw-minimal.k8s.local/manifests/etcd/events-control-plane-fr-par-1.yaml diff --git a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-nodes-fr-par-1_content b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-nodes-fr-par-1_content index 61f17e1aa3..bcbb6f454f 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-nodes-fr-par-1_content +++ b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_nodeupconfig-nodes-fr-par-1_content @@ -1,18 +1,18 @@ Assets: amd64: - - 16b23e1254830805b892cfccf2687eb3edb4ea54ffbadb8cc2eee6d3b1fab8e6@https://dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubelet - - 6a660cd44db3d4bfe1563f6689cbe2ffb28ee4baf3532e04fff2d7b909081c29@https://dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 18aa53ff59740a11504218905b51b29cc78fb8b5dd818a619141afa9dafb8f5a@https://dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubelet - - 7bc650f28a5b4436df2abcfae5905e461728ba416146beac17a2634fa82a6f0a@https://dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.5/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -44,7 +44,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.5 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -55,7 +55,7 @@ channels: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: true usesNoneDNS: false diff --git a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-bootstrap_content b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-bootstrap_content index 5b36954851..76519f929d 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: dbb14bb38213dfc4bc0ad7b1eae4b8c6348f73807bf2d6597d644ef92f922442 + manifestHash: 3f21ba47ab7f804028c5926ca8915d1f654d9beaaa242853b66191b37f31816e name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 7ee0abe374..9c5a7e429e 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal_scaleway/data/aws_s3_object_scw-minimal.k8s.local-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" - name: SCW_ACCESS_KEY value: "" - name: SCW_DEFAULT_PROJECT_ID diff --git a/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_control-plane-fr-par-1-0_user_data b/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_control-plane-fr-par-1-0_user_data index 8901c0c89a..ffd3ef59d8 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_control-plane-fr-par-1-0_user_data +++ b/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_control-plane-fr-par-1-0_user_data @@ -132,7 +132,7 @@ ClusterName: scw-minimal.k8s.local ConfigBase: memfs://tests/scw-minimal.k8s.local InstanceGroupName: control-plane-fr-par-1 InstanceGroupRole: ControlPlane -NodeupConfigHash: 1KJOl7OFEx8pBcsWXXMrqsygHjsBG2J16d6kq+cbs+g= +NodeupConfigHash: IplAdCNmw88K2t0/eNtizR2tHlP/bFsQphUWrKhLLow= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_nodes-fr-par-1-0_user_data b/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_nodes-fr-par-1-0_user_data index 6b6cc9b51a..2be772d052 100644 --- a/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_nodes-fr-par-1-0_user_data +++ b/tests/integration/update_cluster/minimal_scaleway/data/scaleway_instance_server_nodes-fr-par-1-0_user_data @@ -155,7 +155,7 @@ ConfigServer: - https://kops-controller.internal.scw-minimal.k8s.local:3988/ InstanceGroupName: nodes-fr-par-1 InstanceGroupRole: Node -NodeupConfigHash: VEYZneTdXQVB917D4EzwdKmBdJ4OFd7FrIDry159DD8= +NodeupConfigHash: pynq4N94Z3i0e9k/dzWhLxtxAJmgO9cjxobDXWD/fGU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal_scaleway/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal_scaleway/in-v1alpha2.yaml index b88f6a364f..da5ebd712d 100644 --- a/tests/integration/update_cluster/minimal_scaleway/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal_scaleway/in-v1alpha2.yaml @@ -35,7 +35,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.5 + kubernetesVersion: 1.32.0 networking: cilium: enableNodePort: true diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data index 4c73c97103..fd7601a071 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: mixedinstances.example.com ConfigBase: memfs://clusters.example.com/mixedinstances.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: gcWAvv1QiO+KxfCeXPae8Z/DOM5bwCg/p2Nuy/9ckzY= +NodeupConfigHash: 5uLKMwY31M8+U+Pdw9D9QVF+9X7dv5Y3GXjraIEaubg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data index e2f12dd383..8591632f8e 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: mixedinstances.example.com ConfigBase: memfs://clusters.example.com/mixedinstances.example.com InstanceGroupName: master-us-test-1b InstanceGroupRole: ControlPlane -NodeupConfigHash: huIKr3Syeo4VAdMAj1pzKo6pMeUcEX2uHa8FbxEGvC8= +NodeupConfigHash: wS6f1JJdyJ5gTWcnGBnst/vdiwZR1Z8sV68OwV8akFw= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data index 30c819f74c..44bee14b69 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: mixedinstances.example.com ConfigBase: memfs://clusters.example.com/mixedinstances.example.com InstanceGroupName: master-us-test-1c InstanceGroupRole: ControlPlane -NodeupConfigHash: rtsEQx/eHf9m0/25wraf0IMpqvOmAMCdaJ9lEySMkec= +NodeupConfigHash: Rz2R4e2cf+3fAoVM1XUdF6RV5BElUh+JfHEMxuS7vgw= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_nodes.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_nodes.mixedinstances.example.com_user_data index 8f59e793ed..389430b403 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_nodes.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances/data/aws_launch_template_nodes.mixedinstances.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.mixedinstances.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: vR9tnPGXM/YLtMOlHeM7mjuYi4aIzmBsFG6KIDf8rFA= +NodeupConfigHash: 19kQmwaIQCL4XbGiz1Y2jrp1BXXCjZ3uY0jn+rIW3Pg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_cluster-completed.spec_content index 7cc92d9e44..d2c939ea06 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -85,10 +85,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -114,10 +111,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -139,13 +133,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -158,9 +149,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index dfbf63a83d..9752e0db3e 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content index 21a3925336..309d8d63a5 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 2dff95f6ee3140aee212f552a944a2319622f1437dc0cd4afc5e6a6771a2c162 + manifestHash: 305d916476759d8eae7294d98dd35bf7403215b1a238bddeab21c0da5bbcfa1a name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: eb86ee299c42526d562dabfd518c48a316f5d1021c66d7125147ed2ec513bd3c + manifestHash: 247f99c74c91040c5485754c665fc6c98e568c463476a68c2f24c4759e54d529 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 050907f9ab..f34960a301 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index c49e198057..a33b9fff16 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1b_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1b_content index b26e4b087c..cbf2c367e9 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1b_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1b_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/main-master-us-test-1b.yaml - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/events-master-us-test-1b.yaml diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1c_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1c_content index b23601bbc8..14632a8165 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1c_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-master-us-test-1c_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/main-master-us-test-1c.yaml - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/events-master-us-test-1c.yaml diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-nodes_content index 06be8df778..abd9fc2f67 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/mixed_instances/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/mixed_instances/in-v1alpha2.yaml b/tests/integration/update_cluster/mixed_instances/in-v1alpha2.yaml index 776199af05..7f52bc4be5 100644 --- a/tests/integration/update_cluster/mixed_instances/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/mixed_instances/in-v1alpha2.yaml @@ -29,7 +29,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.mixedinstances.example.com networkCIDR: 10.0.0.0/16 networking: diff --git a/tests/integration/update_cluster/mixed_instances/kubernetes.tf b/tests/integration/update_cluster/mixed_instances/kubernetes.tf index 7097d1aabd..3ff8fd748f 100644 --- a/tests/integration/update_cluster/mixed_instances/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances/kubernetes.tf @@ -662,7 +662,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -748,7 +748,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -834,7 +834,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -916,7 +916,7 @@ resource "aws_launch_template" "nodes-mixedinstances-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data index 4c73c97103..fd7601a071 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1a.masters.mixedinstances.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: mixedinstances.example.com ConfigBase: memfs://clusters.example.com/mixedinstances.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: gcWAvv1QiO+KxfCeXPae8Z/DOM5bwCg/p2Nuy/9ckzY= +NodeupConfigHash: 5uLKMwY31M8+U+Pdw9D9QVF+9X7dv5Y3GXjraIEaubg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data index e2f12dd383..8591632f8e 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1b.masters.mixedinstances.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: mixedinstances.example.com ConfigBase: memfs://clusters.example.com/mixedinstances.example.com InstanceGroupName: master-us-test-1b InstanceGroupRole: ControlPlane -NodeupConfigHash: huIKr3Syeo4VAdMAj1pzKo6pMeUcEX2uHa8FbxEGvC8= +NodeupConfigHash: wS6f1JJdyJ5gTWcnGBnst/vdiwZR1Z8sV68OwV8akFw= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data index 30c819f74c..44bee14b69 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_master-us-test-1c.masters.mixedinstances.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: mixedinstances.example.com ConfigBase: memfs://clusters.example.com/mixedinstances.example.com InstanceGroupName: master-us-test-1c InstanceGroupRole: ControlPlane -NodeupConfigHash: rtsEQx/eHf9m0/25wraf0IMpqvOmAMCdaJ9lEySMkec= +NodeupConfigHash: Rz2R4e2cf+3fAoVM1XUdF6RV5BElUh+JfHEMxuS7vgw= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_nodes.mixedinstances.example.com_user_data b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_nodes.mixedinstances.example.com_user_data index 8f59e793ed..389430b403 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_nodes.mixedinstances.example.com_user_data +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_launch_template_nodes.mixedinstances.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.mixedinstances.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: vR9tnPGXM/YLtMOlHeM7mjuYi4aIzmBsFG6KIDf8rFA= +NodeupConfigHash: 19kQmwaIQCL4XbGiz1Y2jrp1BXXCjZ3uY0jn+rIW3Pg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_cluster-completed.spec_content index 7cc92d9e44..d2c939ea06 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -85,10 +85,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -114,10 +111,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -139,13 +133,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -158,9 +149,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index dfbf63a83d..9752e0db3e 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content index 21a3925336..309d8d63a5 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 2dff95f6ee3140aee212f552a944a2319622f1437dc0cd4afc5e6a6771a2c162 + manifestHash: 305d916476759d8eae7294d98dd35bf7403215b1a238bddeab21c0da5bbcfa1a name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: eb86ee299c42526d562dabfd518c48a316f5d1021c66d7125147ed2ec513bd3c + manifestHash: 247f99c74c91040c5485754c665fc6c98e568c463476a68c2f24c4759e54d529 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 050907f9ab..f34960a301 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_mixedinstances.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index c49e198057..a33b9fff16 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1b_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1b_content index b26e4b087c..cbf2c367e9 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1b_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1b_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/main-master-us-test-1b.yaml - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/events-master-us-test-1b.yaml diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1c_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1c_content index b23601bbc8..14632a8165 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1c_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-master-us-test-1c_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: mixedinstances.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/main-master-us-test-1c.yaml - memfs://clusters.example.com/mixedinstances.example.com/manifests/etcd/events-master-us-test-1c.yaml diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-nodes_content index 06be8df778..abd9fc2f67 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/mixed_instances_spot/in-v1alpha2.yaml b/tests/integration/update_cluster/mixed_instances_spot/in-v1alpha2.yaml index d55cdda2ab..8aa1c3e27d 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/mixed_instances_spot/in-v1alpha2.yaml @@ -29,7 +29,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.mixedinstances.example.com networkCIDR: 10.0.0.0/16 networking: diff --git a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf index 23d91a2898..8b8038559f 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf @@ -662,7 +662,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -748,7 +748,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -834,7 +834,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -916,7 +916,7 @@ resource "aws_launch_template" "nodes-mixedinstances-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data index 33802f7b47..f062eab014 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: nthimdsprocessor.longclustername.example.com ConfigBase: memfs://clusters.example.com/nthimdsprocessor.longclustername.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: W2lV8NHzvl+MZwINWEvjBhPHQ8eg1B0nqEeIRW6xDGA= +NodeupConfigHash: dhGH8+9L9YU2woe3u/YOTBQhCva+0Yk1SGNlVN73iIU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data index 4c69c27391..49496dc202 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.nthimdsprocessor.longclustername.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: WXrB501m8YYXdXQLgK4bFtMY7qVmedWOcBOWOufewr4= +NodeupConfigHash: i2cRnQBi+hhD4O/d6M8VDJ7/7Lij5uqAJgU7W1SG0lY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_cluster-completed.spec_content index 969dc2a0fe..cce228855f 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: nthimdsprocessor.longclustername.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -78,10 +78,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -107,10 +104,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: nthimdsprocessor.longclustername.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -132,13 +126,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -151,9 +142,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -164,7 +152,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -174,9 +162,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 5695641a43..41e7e55fc7 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: nthimdsprocessor.longclustername.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/nthimdsprocessor.longclustername.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/nthimdsprocessor.longclustername.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-nodes_content index 08c1576e6b..9c587d5cdd 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 53dcd17a65..61a841f63f 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -48,7 +48,7 @@ spec: value: arn:aws-test:iam::123456789012:role/aws-cloud-controller-manager.kube-system.sa.nthimdsproces-25s838 - name: AWS_WEB_IDENTITY_TOKEN_FILE value: /var/run/secrets/amazonaws.com/token - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content index 2149c77f79..378ba9b71d 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: c0079a2239f293612d218e04ef7d4732a8304ae5fe3f838f5c6a8880a94e5838 + manifestHash: 217253cffd6383c22916064be4f4270878f17bdd7eb0874dca4f2a320bf4b165 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -97,7 +97,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 2f5d4aab4306865ea2ee9ac78c1b8b24c168d77e776c44474df01c2ae1796287 + manifestHash: c9bd7fcc3665150d926f639acf26829071c0bba1664f8e2c046c3b519f9b9ae0 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 30f2437b12..b79db0dcd6 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/in-v1alpha2.yaml b/tests/integration/update_cluster/nth-imds-processor-irsa/in-v1alpha2.yaml index b3fcc0d678..87cc8325b3 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/in-v1alpha2.yaml @@ -22,7 +22,7 @@ spec: useServiceAccountExternalPermissions: true kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.nthimdsprocessor.longclustername.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/kubernetes.tf b/tests/integration/update_cluster/nth-imds-processor-irsa/kubernetes.tf index 15aeb687ca..865a8414b8 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/kubernetes.tf +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/kubernetes.tf @@ -467,7 +467,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-nthimdsprocessor-longc http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -546,7 +546,7 @@ resource "aws_launch_template" "nodes-nthimdsprocessor-longclustername-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data b/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data index 262e631733..9502d3fb0b 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_master-us-test-1a.masters.nthimdsprocessor.longclustername.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: nthimdsprocessor.longclustername.example.com ConfigBase: memfs://clusters.example.com/nthimdsprocessor.longclustername.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: oneXzbKQoSNTcp48EoJyoAK2SAqXvqeO0D7pSdFW2ys= +NodeupConfigHash: XqEb8qdGO7RWvBf7G8QnT6RxVCL0rzMX6VApjdwWUgM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data b/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data index 4c69c27391..49496dc202 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_launch_template_nodes.nthimdsprocessor.longclustername.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.nthimdsprocessor.longclustername.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: WXrB501m8YYXdXQLgK4bFtMY7qVmedWOcBOWOufewr4= +NodeupConfigHash: i2cRnQBi+hhD4O/d6M8VDJ7/7Lij5uqAJgU7W1SG0lY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_cluster-completed.spec_content index 1c01cddfd8..b9c1705a78 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: nthimdsprocessor.longclustername.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: nthimdsprocessor.longclustername.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 56e6995c64..c0addd950a 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: nthimdsprocessor.longclustername.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/nthimdsprocessor.longclustername.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/nthimdsprocessor.longclustername.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-nodes_content index 08c1576e6b..9c587d5cdd 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 0e8716858d..7e9118f008 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content index edc094e9e1..03f3861e99 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: c0079a2239f293612d218e04ef7d4732a8304ae5fe3f838f5c6a8880a94e5838 + manifestHash: 217253cffd6383c22916064be4f4270878f17bdd7eb0874dca4f2a320bf4b165 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -97,7 +97,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 52fbb9c23511d7138ccce0b7d86d5ee74e031182a17b5cf06d06f0b210d76de0 + manifestHash: 36fb1266bd99820faf884c6d7f1ac5c23006ea60a6db56e02486f2dfd42d79b2 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 30f2437b12..b79db0dcd6 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_s3_object_nthimdsprocessor.longclustername.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/nth-imds-processor/in-v1alpha2.yaml b/tests/integration/update_cluster/nth-imds-processor/in-v1alpha2.yaml index e4deafebac..a42ae815ec 100644 --- a/tests/integration/update_cluster/nth-imds-processor/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/nth-imds-processor/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.nthimdsprocessor.longclustername.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/nth-imds-processor/kubernetes.tf b/tests/integration/update_cluster/nth-imds-processor/kubernetes.tf index 7a2b02be93..f5fdf5a1be 100644 --- a/tests/integration/update_cluster/nth-imds-processor/kubernetes.tf +++ b/tests/integration/update_cluster/nth-imds-processor/kubernetes.tf @@ -334,7 +334,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-nthimdsprocessor-longc http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -413,7 +413,7 @@ resource "aws_launch_template" "nodes-nthimdsprocessor-longclustername-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/nvidia/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/nvidia/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index 6aa8bb5e2a..a9fac5d8c3 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/nvidia/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: Us/bFG13BDJh1nGH/SBdjJgBhb9qMXj9EaWYHDeRqTM= +NodeupConfigHash: La8b3BiFkx9dbUYjT6jQs+QLudu3haL+Uj1BhIOIOiY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/nvidia/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/nvidia/data/aws_launch_template_nodes.minimal.example.com_user_data index da6926dbb5..dcff105e83 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/nvidia/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: wZ1I0kZFJcuJYwy6TkNsVTa9P3qhW/UsJjjGejrba0w= +NodeupConfigHash: I4hErEBg3O62hSeGYG68MxFBUt9joMYwylFYYXk89hM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/nvidia/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/nvidia/data/aws_s3_object_cluster-completed.spec_content index 3ebc1735e3..88110e13cd 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/nvidia/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -30,8 +30,8 @@ spec: enabled: true package: nvidia-driver-535-server runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -80,10 +80,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -109,10 +106,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -134,13 +128,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -153,9 +144,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -166,7 +154,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -176,9 +164,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daa..adc407bc80 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 146785d7f0..0b5cbd1b5f 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -106,7 +106,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510..4aa1194f1e 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/nvidia/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 9af8cf2aaf..6903f0ee35 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -329,8 +319,8 @@ containerdConfig: enabled: true package: nvidia-driver-535-server runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-nodes_content index d153dd3bfd..1f247a872c 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/nvidia/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -53,7 +52,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - nvidia.com/gpu:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -67,7 +66,7 @@ containerdConfig: enabled: true package: nvidia-driver-535-server runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/nvidia/in-v1alpha2.yaml b/tests/integration/update_cluster/nvidia/in-v1alpha2.yaml index 1580944aa5..c30665e4d0 100644 --- a/tests/integration/update_cluster/nvidia/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/nvidia/in-v1alpha2.yaml @@ -25,7 +25,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/nvidia/kubernetes.tf b/tests/integration/update_cluster/nvidia/kubernetes.tf index 5cbce4915b..ba92b5c539 100644 --- a/tests/integration/update_cluster/nvidia/kubernetes.tf +++ b/tests/integration/update_cluster/nvidia/kubernetes.tf @@ -425,7 +425,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -507,7 +507,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/openstack_floatingip/in-v1alpha2.yaml b/tests/integration/update_cluster/openstack_floatingip/in-v1alpha2.yaml index fc948995bc..4f0cce887f 100644 --- a/tests/integration/update_cluster/openstack_floatingip/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/openstack_floatingip/in-v1alpha2.yaml @@ -33,7 +33,7 @@ spec: anonymousAuth: false kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.floatingip-openstack.k8s.local networking: cni: {} diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data index 4f2fe753c0..7002ec65a7 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_master-us-test-1a.masters.private-shared-ip.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: private-shared-ip.example.com ConfigBase: memfs://clusters.example.com/private-shared-ip.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: PTOyfcL4CyyaQhsPp8abT6ZryyDJ2LrSEn4JnaFLjIE= +NodeupConfigHash: ii45HiarxMQZsJqnXYnNebvgWW4hf6YnVUYSKi+8YL8= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_nodes.private-shared-ip.example.com_user_data b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_nodes.private-shared-ip.example.com_user_data index 034847f43d..133cb9c4f4 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_nodes.private-shared-ip.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_launch_template_nodes.private-shared-ip.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.private-shared-ip.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: q9bVDtcfKe/XJHZEdokHUpmfefie9CVCI0CtMVHziM4= +NodeupConfigHash: 9Oou1lw7xVY8YYKgHY91szzPCnI9v/keIF9tgamYg8U= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_cluster-completed.spec_content index d598dd881e..2976e4bafa 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: private-shared-ip.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: private-shared-ip.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 7202f8af95..b8a07791e8 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: private-shared-ip.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/private-shared-ip.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/private-shared-ip.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-nodes_content index 5d0c4121a4..fdfe49ff05 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 43ec524f6f..e13c2a32d7 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-bootstrap_content b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-bootstrap_content index 21e07aa427..dcae5c68c0 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 72880d935085b840392c3820b006a429970a88552da8b8771901b94d606596ca + manifestHash: ea8a16023b8f2804538503547cafda28514c00d543861c496db350e8be8d7970 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: bf3e0e94909bb2e1e283e06dff51f6bd27d2a2058515f8de00fc551a33e6dc07 + manifestHash: 56848c362702e77c4c97fcd36965dd1499b55b4d236e88fd16df85f7bd857066 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 5f79da8322..076b138dec 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_s3_object_private-shared-ip.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/private-shared-ip/in-v1alpha2.yaml b/tests/integration/update_cluster/private-shared-ip/in-v1alpha2.yaml index eff4a9c323..44ce537ca1 100644 --- a/tests/integration/update_cluster/private-shared-ip/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/private-shared-ip/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.private-shared-ip.example.com networkCIDR: 172.20.0.0/16 networkID: vpc-12345678 diff --git a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf index 8853868435..fb6f862339 100644 --- a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf @@ -546,7 +546,7 @@ resource "aws_launch_template" "bastion-private-shared-ip-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -619,7 +619,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-ip-exam http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -701,7 +701,7 @@ resource "aws_launch_template" "nodes-private-shared-ip-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data index d33dd15059..48f7d10919 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_master-us-test-1a.masters.private-shared-subnet.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: private-shared-subnet.example.com ConfigBase: memfs://clusters.example.com/private-shared-subnet.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: BXCD57hoEt99Pw7lV4+jHKn/7Kgr4l63uTJLTL3D5ck= +NodeupConfigHash: /FBSU5TLffmA5IaAnDo5Tm3P//nae1OJAobmsWEmjeM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_nodes.private-shared-subnet.example.com_user_data b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_nodes.private-shared-subnet.example.com_user_data index 7dda929727..adf41e28e1 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_nodes.private-shared-subnet.example.com_user_data +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_launch_template_nodes.private-shared-subnet.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.private-shared-subnet.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: IRFhB94UHzhXOwVNuL3GgI3ww+N0Cc7yqFnVLrCTA64= +NodeupConfigHash: vtNbCi2JHDrzGVdfEDFVLBUIb4Ik6nLHpHo/G70CVsY= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_cluster-completed.spec_content index 567f3acbf5..29fa16439c 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: private-shared-subnet.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: private-shared-subnet.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 78feea9db0..dc42695e50 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: private-shared-subnet.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/private-shared-subnet.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/private-shared-subnet.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-nodes_content index 05d72f86dc..e563c5ddb7 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 53fbdb8a90..e6613b3fbb 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-bootstrap_content b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-bootstrap_content index f00090cfdc..652f49e8e8 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 910043a53ef152b7c32d98e1f1e3fb1660557d36cdd2c1207874aac0fd6c5863 + manifestHash: 1d575a4b60e5691e4fdb243219eeceb0fccb7568940a03064d3773caf14fe2a5 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 0aef52b4fec035c3f6b72b2edcb30ee5a6cc82404bece926a11f09336ef0db0d + manifestHash: 2f3e4d832cb9e852c85ec8af72dca56f017cd9269ee86c89d017ee0f5c2c328a name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 8ae219a346..1879785225 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_s3_object_private-shared-subnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/private-shared-subnet/in-v1alpha2.yaml b/tests/integration/update_cluster/private-shared-subnet/in-v1alpha2.yaml index 68c70b4b32..41c9d6f9a1 100644 --- a/tests/integration/update_cluster/private-shared-subnet/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/private-shared-subnet/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.private-shared-subnet.example.com networkCIDR: 172.20.0.0/16 networkID: vpc-12345678 diff --git a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf index 62fc166c6b..de36392689 100644 --- a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf @@ -541,7 +541,7 @@ resource "aws_launch_template" "bastion-private-shared-subnet-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -614,7 +614,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-subnet- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -696,7 +696,7 @@ resource "aws_launch_template" "nodes-private-shared-subnet-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data index 1aa711ea02..42b3c7d2ff 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data +++ b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privatecalico.example.com ConfigBase: memfs://clusters.example.com/privatecalico.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 0zrVsZ9YLJdEbQ9i26XcouHxPBNm2iubrF+LHOoiQzM= +NodeupConfigHash: RxlEtHNfH53lI4clCWh1C3UxjvkLO1JxxKsSpMB82Eg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_nodes.privatecalico.example.com_user_data b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_nodes.privatecalico.example.com_user_data index d7145ecd1a..75a6a46b79 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_nodes.privatecalico.example.com_user_data +++ b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_nodes.privatecalico.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privatecalico.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: M4JVU8sN/OLDmMrsAYw3+X7anH94lfKa/oTaj/nTCqg= +NodeupConfigHash: jPqQ8RBtT7qizMAfTzQGWl7nknWZuc7qmFD+1vberOo= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_cluster-completed.spec_content index 7643828e70..5dcba0e175 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecalico.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -80,10 +80,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -109,10 +106,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecalico.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -134,13 +128,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -153,9 +144,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -167,7 +155,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -177,9 +165,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index a5b5151593..11925d5f58 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,19 +55,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -236,19 +235,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: privatecalico.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -278,7 +271,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -289,9 +282,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -306,7 +296,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: calico: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -320,8 +310,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/privatecalico.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/privatecalico.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-nodes_content index 053cc4ce68..f09fb2ad60 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -23,7 +25,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -34,9 +36,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: calico: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -56,7 +55,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6f33460f79..673845c7e2 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content index 72308fdcfa..993df8f3fc 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 8a7817e016615a2de3f0ee07b6a3d53a6cd842bb1a77d0c70b614ba34ad09007 + manifestHash: 77f2da51c043335f042bfd91d197e73d586b81c05416a273dca3f1246a3e45a3 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -161,7 +154,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: f6554ccd03e4ed0f7b1a7f2e26e57b4f7934c9510c7977ecd31b1356ff22c78e + manifestHash: d5227e5509e4e419c84ad689d1e3e94cc2410bd214e34ffdeccb9a198ad9991c name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 4930411f25..64580538f8 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd..0000000000 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/privatecalico/in-v1alpha2.yaml b/tests/integration/update_cluster/privatecalico/in-v1alpha2.yaml index 2548821f47..4fd823e7f8 100644 --- a/tests/integration/update_cluster/privatecalico/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatecalico/in-v1alpha2.yaml @@ -28,7 +28,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.privatecalico.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privatecalico/kubernetes.tf b/tests/integration/update_cluster/privatecalico/kubernetes.tf index a45ce619ff..3eb789ced0 100644 --- a/tests/integration/update_cluster/privatecalico/kubernetes.tf +++ b/tests/integration/update_cluster/privatecalico/kubernetes.tf @@ -564,7 +564,7 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -1017,14 +1017,6 @@ resource "aws_s3_object" "privatecalico-example-com-addons-kubelet-api-rbac-addo server_side_encryption = "AES256" } -resource "aws_s3_object" "privatecalico-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/privatecalico.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "privatecalico-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data index 3a93d1b82a..fa148d3ab0 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data +++ b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_master-us-test-1a.masters.privatecanal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privatecanal.example.com ConfigBase: memfs://clusters.example.com/privatecanal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: Tzt+LJNVum4rolb+f9MYOC2te4Nk8Li4n1tG0E8yThU= +NodeupConfigHash: dAwHqVTTO1qMtEX57Crs+jLAUgpZLTxB9Ku9bjOhj4M= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_nodes.privatecanal.example.com_user_data b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_nodes.privatecanal.example.com_user_data index b8f3ee5f3b..65d3d4db6f 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_launch_template_nodes.privatecanal.example.com_user_data +++ b/tests/integration/update_cluster/privatecanal/data/aws_launch_template_nodes.privatecanal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privatecanal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: SUBDaWUSj6cy/++lg4oXVkohdU9EAmH8PMjhwe9GFZI= +NodeupConfigHash: g+FERmpnJMbh0dwiue0Zq0f8blAQk19fqu/GYT6go/o= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_cluster-completed.spec_content index 5a40e570a0..c6cfb6ab9c 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecanal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.9 leaderElection: leaderElect: true cloudProvider: aws @@ -80,9 +80,8 @@ spec: etcdServersOverrides: - /events#https://127.0.0.1:4002 featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.27.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -109,9 +108,8 @@ spec: clusterName: privatecanal.example.com configureCloudRoutes: false featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.27.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +131,12 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.27.0 logLevel: 2 kubeScheduler: featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.27.0 leaderElection: leaderElect: true logLevel: 2 @@ -153,7 +150,6 @@ spec: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 @@ -165,7 +161,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.27.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -176,7 +172,6 @@ spec: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 871e4dff57..4631dea45c 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,9 +26,8 @@ APIServerConfig: etcdServersOverrides: - /events#https://127.0.0.1:4002 featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.27.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,9 +57,10 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - 0b4ed4fcd75d33f5dff3ba17776e6089847fc83064d3f7a3ad59a34e94e60a29@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet + - 71a78259d70da9c5540c4cf4cff121f443e863376f68f89a759d90cef3f51e87@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz @@ -68,9 +68,10 @@ Assets: - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - 37aa2edc7c0c4b3e488518c6a4b44c8aade75a55010534ee2be291220c73d157@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet + - f8e09630211f2b7c6a8cc38835e7dea94708d401f5c84b23a37c70c604602ddc@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz @@ -239,18 +240,16 @@ ControlPlaneConfig: clusterName: privatecanal.example.com configureCloudRoutes: false featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.27.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.27.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +280,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.27.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,7 +292,6 @@ KubeletConfig: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 @@ -309,7 +307,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.27.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-nodes_content index e7b3128951..24abbb5ea9 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - 0b4ed4fcd75d33f5dff3ba17776e6089847fc83064d3f7a3ad59a34e94e60a29@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet + - 71a78259d70da9c5540c4cf4cff121f443e863376f68f89a759d90cef3f51e87@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - 37aa2edc7c0c4b3e488518c6a4b44c8aade75a55010534ee2be291220c73d157@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet + - f8e09630211f2b7c6a8cc38835e7dea94708d401f5c84b23a37c70c604602ddc@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.27.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -38,7 +40,6 @@ KubeletConfig: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 @@ -50,7 +51,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.27.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 05fe82ae37..59ca0721d4 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.9 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-bootstrap_content index bf4b5c5875..a48cd2b618 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: acc0d848ab58867fee4fce0316f900da4e12cf52536c2684bdf9d70d8112caba + manifestHash: 940d9f4a3cf44a57e6c0a9215fedfcfa15bc56d4c9d3175ad592ee088e705d4d name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -161,7 +154,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 8218a862df2d60c98f8cdb578b11e9fe9d72014f58ef3f7e28c2aeb7fa7726ea + manifestHash: 83c24e3227c186629805bef655b3fb4a01b717c6aa7dc27dff8fe1a65fb5946b name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index b2864b989c..92dad9a7fd 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd..0000000000 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/privatecanal/in-v1alpha2.yaml b/tests/integration/update_cluster/privatecanal/in-v1alpha2.yaml index 3c972c3099..0198ce593e 100644 --- a/tests/integration/update_cluster/privatecanal/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatecanal/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.27.0 masterPublicName: api.privatecanal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privatecanal/kubernetes.tf b/tests/integration/update_cluster/privatecanal/kubernetes.tf index fe639d19a5..606872094b 100644 --- a/tests/integration/update_cluster/privatecanal/kubernetes.tf +++ b/tests/integration/update_cluster/privatecanal/kubernetes.tf @@ -564,7 +564,7 @@ resource "aws_launch_template" "bastion-privatecanal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -637,7 +637,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecanal-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -719,7 +719,7 @@ resource "aws_launch_template" "nodes-privatecanal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -1021,14 +1021,6 @@ resource "aws_s3_object" "privatecanal-example-com-addons-kubelet-api-rbac-addon server_side_encryption = "AES256" } -resource "aws_s3_object" "privatecanal-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_privatecanal.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/privatecanal.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "privatecanal-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_privatecanal.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data b/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data index 7ce958d74d..ad291c8c24 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privatecilium.example.com ConfigBase: memfs://clusters.example.com/privatecilium.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: EfRmrXwAJQOY4THMrPgg1OclG1TjOfn3YrwOqJQhn9A= +NodeupConfigHash: 40b3WR+1nmKrGmrl04OXQ9Yx/d+XWdbEXyl9IYOlCNM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_nodes.privatecilium.example.com_user_data b/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_nodes.privatecilium.example.com_user_data index b23e985041..c5b301b8a4 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_nodes.privatecilium.example.com_user_data +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_launch_template_nodes.privatecilium.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privatecilium.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: he//sRQ65KbEnUJO8eysGmp6T+Apm2QIZkmgwwGhWBk= +NodeupConfigHash: egB3QUK5r1x1iEbPEcMJIkYui5A1Kl6gAahEVB6/c2c= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_cluster-completed.spec_content index 7ccc5648b5..0b65985be4 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecilium.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecilium.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 3966bc022f..6a7186730f 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,19 +55,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -236,19 +235,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: privatecilium.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -278,7 +271,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -289,9 +282,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -306,7 +296,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: ipam: eni @@ -321,8 +311,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/privatecilium.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/privatecilium.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-nodes_content index 7b5f563dbe..e7874db989 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -23,7 +25,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -34,9 +36,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: ipam: eni @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index ec7506a450..3c0748749e 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content index 16a72837cd..0c92a2b669 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: aeb3aa6d161bde2033e40fc4e1d361fe1aba8a420002720ead97d055ae198681 + manifestHash: da607990b738a0fc3b879b95c50cace16e060fbd6a0a0601081940dc4e68d90f name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -107,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: b44f7e419c737573d7494fca41e9f1f2d0ff7c69151ffe791fbcc98ee0ec9f75 + manifestHash: e5cffe367a44e3e3034e6b3c5732321b9feebe37055a5893ab639ea89039e0e0 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 19dd7e29ac..bb294c0477 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatecilium-eni/in-v1alpha2.yaml b/tests/integration/update_cluster/privatecilium-eni/in-v1alpha2.yaml index ca9ed82b01..16b3d6014e 100644 --- a/tests/integration/update_cluster/privatecilium-eni/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatecilium-eni/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.privatecilium.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf b/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf index dc1d1273cf..29a0485b94 100644 --- a/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium-eni/kubernetes.tf @@ -564,7 +564,7 @@ resource "aws_launch_template" "bastion-privatecilium-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -637,7 +637,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -719,7 +719,7 @@ resource "aws_launch_template" "nodes-privatecilium-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data index ebd2ab9cf8..34e257dada 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data +++ b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_master-us-test-1a.masters.privatecilium.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privatecilium.example.com ConfigBase: memfs://clusters.example.com/privatecilium.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: swT+uk9CHBRhsFvAzxkDLb+fKSVD2hBWXvhPxKqZKrU= +NodeupConfigHash: QzOkP/bb4cvEAITtmgrXOLYNewJDySSNuSbxInDvY3o= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_nodes.privatecilium.example.com_user_data b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_nodes.privatecilium.example.com_user_data index fd51cadf3b..a3ee845fdd 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_launch_template_nodes.privatecilium.example.com_user_data +++ b/tests/integration/update_cluster/privatecilium/data/aws_launch_template_nodes.privatecilium.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privatecilium.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: wZAAlbLzFNgjOByiI0etqkRoYfZnPg0/EoyuwV/tfsU= +NodeupConfigHash: 3wyb6kd163A2CB3mJgFHt5BNIBff0ipOZDK7GVIeueU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_cluster-completed.spec_content index 4e2615bc9a..6e3f598a4a 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecilium.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatecilium.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 5eaba384a5..e71b669ded 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,19 +55,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -236,19 +235,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: privatecilium.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -278,7 +271,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -289,9 +282,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -306,7 +296,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -320,8 +310,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/privatecilium.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/privatecilium.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-nodes_content index 7cbc04bb30..6e51a67843 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -23,7 +25,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -34,9 +36,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -47,7 +46,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: {} nonMasqueradeCIDR: 100.64.0.0/10 @@ -56,7 +55,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index ec7506a450..3c0748749e 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content index 6b580fc27d..7118548d99 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: aeb3aa6d161bde2033e40fc4e1d361fe1aba8a420002720ead97d055ae198681 + manifestHash: da607990b738a0fc3b879b95c50cace16e060fbd6a0a0601081940dc4e68d90f name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -107,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: b44f7e419c737573d7494fca41e9f1f2d0ff7c69151ffe791fbcc98ee0ec9f75 + manifestHash: e5cffe367a44e3e3034e6b3c5732321b9feebe37055a5893ab639ea89039e0e0 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 19dd7e29ac..bb294c0477 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatecilium/in-v1alpha2.yaml b/tests/integration/update_cluster/privatecilium/in-v1alpha2.yaml index 8e98b5659e..7ef6d54794 100644 --- a/tests/integration/update_cluster/privatecilium/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatecilium/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.privatecilium.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privatecilium/kubernetes.tf b/tests/integration/update_cluster/privatecilium/kubernetes.tf index dc1d1273cf..29a0485b94 100644 --- a/tests/integration/update_cluster/privatecilium/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium/kubernetes.tf @@ -564,7 +564,7 @@ resource "aws_launch_template" "bastion-privatecilium-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -637,7 +637,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -719,7 +719,7 @@ resource "aws_launch_template" "nodes-privatecilium-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content index c27b43fc5a..4e44e658a4 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: aeb3aa6d161bde2033e40fc4e1d361fe1aba8a420002720ead97d055ae198681 + manifestHash: da607990b738a0fc3b879b95c50cace16e060fbd6a0a0601081940dc4e68d90f name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 19dd7e29ac..bb294c0477 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data index 95ac1fc0eb..d17f23a219 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_master-us-test-1a.masters.privateciliumadvanced.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privateciliumadvanced.example.com ConfigBase: memfs://clusters.example.com/privateciliumadvanced.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: VQj+uyKj/ZW8kpJvfbAGxjupKJBIGzHfHv9sMXhk2NU= +NodeupConfigHash: 9wT29IerybgUIgq9QFx63Yyfy1ii1y0cPTeCV2ofLhg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_nodes.privateciliumadvanced.example.com_user_data b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_nodes.privateciliumadvanced.example.com_user_data index 9ee8846792..e5c4a95562 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_nodes.privateciliumadvanced.example.com_user_data +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_launch_template_nodes.privateciliumadvanced.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privateciliumadvanced.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 2bX4CTAC/f4IIS21cV5R3ADZPeaBZdsIm3JYPgvQAYs= +NodeupConfigHash: L/UN25Y47L5YTL17lbsaL3myROvdrPMcXay1q9y65JA= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_cluster-completed.spec_content index db628f8467..b81db479da 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privateciliumadvanced.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -88,10 +88,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -117,10 +114,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privateciliumadvanced.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -143,13 +137,10 @@ spec: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m enabled: false - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -162,9 +153,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -175,7 +163,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -185,9 +173,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index e6811dcd49..078ff81542 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,19 +55,21 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -303,19 +302,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: privateciliumadvanced.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -356,9 +349,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -373,7 +363,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: ipam: eni @@ -389,8 +379,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/privateciliumadvanced.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/privateciliumadvanced.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-nodes_content index 6316faf679..c25b989768 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: @@ -54,9 +56,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -67,7 +66,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: cilium: ipam: eni @@ -78,7 +77,7 @@ UseCiliumEtcd: true containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index a828e03e9d..8d573d9643 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-bootstrap_content index 55db92767a..4b452e7183 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: b737e54a084e4ccafe7617f292fb5f7a7ec6df2d4429081b628c6c3b0c5d79f2 + manifestHash: 5a277128e8ec24bd649db2dbd406ef3e0148b86b25f640f1bd528e69cdf29d39 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -107,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 4db6adbf7df98b689d00cec1d0dc6c38759002a37b31785cd5487d880e63e8d4 + manifestHash: da23ef882a43d178c362023e7df83b1fbb49c9156a324b9b15e2832ccff8a5b4 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index de0cccb6fd..12f4cd3928 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_object_privateciliumadvanced.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privateciliumadvanced/in-v1alpha2.yaml b/tests/integration/update_cluster/privateciliumadvanced/in-v1alpha2.yaml index 4fc18ad14d..e769a1dc9b 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privateciliumadvanced/in-v1alpha2.yaml @@ -27,7 +27,7 @@ spec: anonymousAuth: false kubeProxy: enabled: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.privateciliumadvanced.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf index b1000212b5..8f23309ac0 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf +++ b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf @@ -581,7 +581,7 @@ resource "aws_launch_template" "bastion-privateciliumadvanced-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -654,7 +654,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateciliumadvanced- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -736,7 +736,7 @@ resource "aws_launch_template" "nodes-privateciliumadvanced-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-bootstrap_content index d0f7e493f9..c4941d009c 100644 --- a/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 6a7394ac07ef8b3a5659210de83fa137d3a007cc8715abfb793723f071d7e9cd + manifestHash: 40891b41bc5febb699cdfd8fefca0b971412f1714ad968506723ee4dbf613b89 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 3db3164523..bcbd51b1c5 100644 --- a/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatedns1/data/aws_s3_object_privatedns1.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data index 39899169ec..4d7cd92d3c 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data +++ b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_master-us-test-1a.masters.privatedns2.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privatedns2.example.com ConfigBase: memfs://clusters.example.com/privatedns2.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ugcZCytvVGwU/qlDja4S935pP2wFpAD7EuEq1Pd7VLs= +NodeupConfigHash: qYlQccQBSXjbroja9vvv1JMF8afW6QZu5AOEmy5bD1E= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_nodes.privatedns2.example.com_user_data b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_nodes.privatedns2.example.com_user_data index 2807cc960c..567788f9c0 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_launch_template_nodes.privatedns2.example.com_user_data +++ b/tests/integration/update_cluster/privatedns2/data/aws_launch_template_nodes.privatedns2.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privatedns2.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: qV8GSQcmXX1Ts13q1IlJW1i3/TYBzSL47CeQ/T2/ypk= +NodeupConfigHash: nAk20zSeCR87WiHZkfsrUYrueEHJE+mHJtyTI6n3Yus= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_cluster-completed.spec_content index 0200472505..21beba10a9 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatedns2.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: private.example.com etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatedns2.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 204f896db8..a5152f259b 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: privatedns2.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/privatedns2.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/privatedns2.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-nodes_content index e6294a7aed..53f10ef019 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 5fdd615e86..a20e1dfa07 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-bootstrap_content index 4e95886146..787dc77af3 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 2da791098b301283a4e31f0d085e37da81573f4f3539bda8c691eee92f1efc08 + manifestHash: af0247137adc9d4f85c2e90d8270c80be73fa9ee7d88b6e061e5b9a7738aa56e name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: acdd832733a91cf253505bccc0158998f81c7524d88b0a3a206633a9e5eb80f8 + manifestHash: b51a2989f16e97ccd7bcfce65c3249a78402f0b107b36ea383fdc3bb03dbb32f name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 8a06cb8366..1850c02d0c 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatedns2/data/aws_s3_object_privatedns2.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatedns2/in-v1alpha2.yaml b/tests/integration/update_cluster/privatedns2/in-v1alpha2.yaml index 4860eb80a5..8babf0b2ff 100644 --- a/tests/integration/update_cluster/privatedns2/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatedns2/in-v1alpha2.yaml @@ -22,7 +22,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.privatedns2.example.com networkCIDR: 172.20.0.0/16 networkID: vpc-12345678 diff --git a/tests/integration/update_cluster/privatedns2/kubernetes.tf b/tests/integration/update_cluster/privatedns2/kubernetes.tf index 23afd69cc0..faed780256 100644 --- a/tests/integration/update_cluster/privatedns2/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns2/kubernetes.tf @@ -555,7 +555,7 @@ resource "aws_launch_template" "bastion-privatedns2-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -628,7 +628,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatedns2-example-co http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -710,7 +710,7 @@ resource "aws_launch_template" "nodes-privatedns2-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data index 60f50587ca..473b9d7280 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data +++ b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_master-us-test-1a.masters.privateflannel.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privateflannel.example.com ConfigBase: memfs://clusters.example.com/privateflannel.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ho6rEzIIk4sdKLxtW8FlR3pP2LuvlAeaGwNUlFWqcYc= +NodeupConfigHash: frJ+3em7tsd7U8juD4BdvZ0m8uQvv544oIco1bwtu24= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_nodes.privateflannel.example.com_user_data b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_nodes.privateflannel.example.com_user_data index f839ec1077..8d2e202a89 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_launch_template_nodes.privateflannel.example.com_user_data +++ b/tests/integration/update_cluster/privateflannel/data/aws_launch_template_nodes.privateflannel.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privateflannel.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: yPM+1DZtG568OGiywi4TJ4rMmQPClrdGQaPnawSzNBQ= +NodeupConfigHash: 0+QkObS6BSd1LE17caDANNiEQFr57M16T+x+OlqA7/M= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_cluster-completed.spec_content index 2fb8a8f295..6fa3f19941 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privateflannel.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.9 leaderElection: leaderElect: true cloudProvider: aws @@ -80,9 +80,8 @@ spec: etcdServersOverrides: - /events#https://127.0.0.1:4002 featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.27.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -109,9 +108,8 @@ spec: clusterName: privateflannel.example.com configureCloudRoutes: false featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.27.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +131,12 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.27.0 logLevel: 2 kubeScheduler: featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.27.0 leaderElection: leaderElect: true logLevel: 2 @@ -153,7 +150,6 @@ spec: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 @@ -165,7 +161,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.27.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -176,7 +172,6 @@ spec: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index e87382d3b4..096314764d 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,9 +26,8 @@ APIServerConfig: etcdServersOverrides: - /events#https://127.0.0.1:4002 featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.27.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,9 +57,10 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - 0b4ed4fcd75d33f5dff3ba17776e6089847fc83064d3f7a3ad59a34e94e60a29@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet + - 71a78259d70da9c5540c4cf4cff121f443e863376f68f89a759d90cef3f51e87@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz @@ -68,9 +68,10 @@ Assets: - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - 37aa2edc7c0c4b3e488518c6a4b44c8aade75a55010534ee2be291220c73d157@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet + - f8e09630211f2b7c6a8cc38835e7dea94708d401f5c84b23a37c70c604602ddc@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz @@ -239,18 +240,16 @@ ControlPlaneConfig: clusterName: privateflannel.example.com configureCloudRoutes: false featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.27.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.27.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +280,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.27.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,7 +292,6 @@ KubeletConfig: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 @@ -309,7 +307,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.27.0 Networking: flannel: {} nonMasqueradeCIDR: 100.64.0.0/10 diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-nodes_content index 6278239688..bb3b21dbca 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,16 +1,18 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - 0b4ed4fcd75d33f5dff3ba17776e6089847fc83064d3f7a3ad59a34e94e60a29@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubelet + - 71a78259d70da9c5540c4cf4cff121f443e863376f68f89a759d90cef3f51e87@https://dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - 37aa2edc7c0c4b3e488518c6a4b44c8aade75a55010534ee2be291220c73d157@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubelet + - f8e09630211f2b7c6a8cc38835e7dea94708d401f5c84b23a37c70c604602ddc@https://dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.27.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - 525e2b62ba92a1b6f3dc9612449a84aa61652e680f7ebf4eff579795fe464b57@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz,https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-arm64-v1.2.0.tgz - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.27.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -38,7 +40,6 @@ KubeletConfig: enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% featureGates: - CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 @@ -50,7 +51,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.27.0 Networking: flannel: {} nonMasqueradeCIDR: 100.64.0.0/10 diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 3be6513f9c..2c02bc0a3d 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.9 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-bootstrap_content index cccaa130db..e19369813d 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 7d883a4eb3240d3dd2f122a48413b2b439fc351309d83247c544f297fcc5978e + manifestHash: 91d6cc9356d1ab6dbfa1efeb50a7dd4a14bfae60bb4336efcc90ef59e8afbccf name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -157,7 +150,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 54c6191dbc48c0b1f2782709e6fef7172b43b84ac020090f599514e6c7aa6132 + manifestHash: 8f54dad8b0e9f198bcd6ce418ee9d4426bf18180ec35c73ce5a728602e87c5de name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 25d5458da2..05002cdb99 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd..0000000000 --- a/tests/integration/update_cluster/privateflannel/data/aws_s3_object_privateflannel.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/privateflannel/in-v1alpha2.yaml b/tests/integration/update_cluster/privateflannel/in-v1alpha2.yaml index 50325c9783..129f5ba767 100644 --- a/tests/integration/update_cluster/privateflannel/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privateflannel/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.27.0 masterPublicName: api.privateflannel.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privateflannel/kubernetes.tf b/tests/integration/update_cluster/privateflannel/kubernetes.tf index 231a96b62f..9ad06f0d82 100644 --- a/tests/integration/update_cluster/privateflannel/kubernetes.tf +++ b/tests/integration/update_cluster/privateflannel/kubernetes.tf @@ -564,7 +564,7 @@ resource "aws_launch_template" "bastion-privateflannel-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -637,7 +637,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateflannel-example http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -719,7 +719,7 @@ resource "aws_launch_template" "nodes-privateflannel-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -1021,14 +1021,6 @@ resource "aws_s3_object" "privateflannel-example-com-addons-kubelet-api-rbac-add server_side_encryption = "AES256" } -resource "aws_s3_object" "privateflannel-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_privateflannel.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/privateflannel.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "privateflannel-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_privateflannel.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data index 51f2107735..1f2e334bbd 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data +++ b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_master-us-test-1a.masters.privatekopeio.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: privatekopeio.example.com ConfigBase: memfs://clusters.example.com/privatekopeio.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 2Zib712nqQzsgrq6EakAWULkD6927ShyRMYWm480gkY= +NodeupConfigHash: avwAe4vqF+fEW1aWfXdSP6UrAE9MuyNBY4WqXUqwvtQ= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data index d3f7dda3b4..8631a1995e 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data +++ b/tests/integration/update_cluster/privatekopeio/data/aws_launch_template_nodes.privatekopeio.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.privatekopeio.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: Gxk3MwyCvSdma4NZKTetNcirTamAo+gCCSRfg6B2EGU= +NodeupConfigHash: QFckf124T5Lw4DusMYCtIGhM4BQNjhY1BrLMe6YISR4= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_cluster-completed.spec_content index 5cc152fd65..6abca0e78a 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatekopeio.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: privatekopeio.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index e535aaaace..11f79b1bec 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: privatekopeio.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/privatekopeio.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/privatekopeio.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-nodes_content index 5d68953d30..58b6a3a790 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -59,7 +58,7 @@ UsesKubenet: true containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 8c02ce3ff0..bfde36dc0a 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-bootstrap_content index 4f63fe30ba..9f3ebcf263 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 8ee134e21e799f2708c68c901427013a073b2fe06ff51ea04277ed5dca2c566b + manifestHash: 7bbe3a24605ebf12e1771b737a37f1e0e8fed6844732d4afaa677000717dbdfa name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -148,7 +148,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 05ece9851eb77341c75d3e7699cfe886e5a71ecb87dcfa20e89752b91e2b6bc1 + manifestHash: 842f48efaf6d6d1830cc85d2756da18dd2e9146ed6e27a3cffc61b23c5dee06c name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index f3af901954..0d967b1037 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatekopeio/data/aws_s3_object_privatekopeio.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml b/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml index 256a47b51d..cd4a7a5079 100644 --- a/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatekopeio/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.privatekopeio.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/privatekopeio/kubernetes.tf b/tests/integration/update_cluster/privatekopeio/kubernetes.tf index 29515bbb8b..e70c821c9e 100644 --- a/tests/integration/update_cluster/privatekopeio/kubernetes.tf +++ b/tests/integration/update_cluster/privatekopeio/kubernetes.tf @@ -570,7 +570,7 @@ resource "aws_launch_template" "bastion-privatekopeio-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -643,7 +643,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatekopeio-example- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -725,7 +725,7 @@ resource "aws_launch_template" "nodes-privatekopeio-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index acece66d4a..c43dd664ae 100644 --- a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: diff --git a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510..4aa1194f1e 100644 --- a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data index 17f97bb66d..ec6065e8a8 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data +++ b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_master-us-test-1a.masters.sharedsubnet.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: sharedsubnet.example.com ConfigBase: memfs://clusters.example.com/sharedsubnet.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: T1Xxh9Yn+KIjSZlnh7NnF4Fiepi76IF+Z9IiuIbfW6k= +NodeupConfigHash: VkYkFNQ9ddKiEPFaEl8f1AoFafsrC/ljkmii0ziE6Xc= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_nodes.sharedsubnet.example.com_user_data b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_nodes.sharedsubnet.example.com_user_data index 9c2f70e3b8..00ae149a0b 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_nodes.sharedsubnet.example.com_user_data +++ b/tests/integration/update_cluster/shared_subnet/data/aws_launch_template_nodes.sharedsubnet.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.sharedsubnet.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: r9Py9m0JcWzZGwSQsGI/A62heJNwC9LdtjxaYIXffHM= +NodeupConfigHash: uJvXufU+1GlDNt/sDK7DM1Xy4wbgZaEIGncZN2506FM= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_cluster-completed.spec_content index b3b33c55ca..d3dff8b4af 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: sharedsubnet.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: sharedsubnet.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 6c0a393d29..99a88064b9 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: sharedsubnet.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/sharedsubnet.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/sharedsubnet.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-nodes_content index a536b80e34..ca28f79db6 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index d482680b45..aec9b4d9d4 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-bootstrap_content b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-bootstrap_content index 0480cf7e0e..ac7e464aee 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 863a1778304a7e7b2b066aabecf01dbaaf087aa4dad6b3f878880a85df5cdc05 + manifestHash: c53c4c31707b4ea1a3544f206d03c15d08d1b27be99870803d2a8eba04f971f0 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 06871aefbcd4ca3585dc42941f25cde59a7f87a99ed2ecaa0d624a19fed6d81e + manifestHash: 4db09b7474382e57e064f2dd2cf00b55639dd9c1c37ac8373e6ec8e6b31e5c5b name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 51fbdf5754..f67da96b10 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/shared_subnet/data/aws_s3_object_sharedsubnet.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/shared_subnet/in-v1alpha2.yaml b/tests/integration/update_cluster/shared_subnet/in-v1alpha2.yaml index 7b6994c3c7..99d43b0ac6 100644 --- a/tests/integration/update_cluster/shared_subnet/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/shared_subnet/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.sharedsubnet.example.com networkCIDR: 172.20.0.0/16 networkID: vpc-12345678 diff --git a/tests/integration/update_cluster/shared_subnet/kubernetes.tf b/tests/integration/update_cluster/shared_subnet/kubernetes.tf index 0016378bdc..4071b7d846 100644 --- a/tests/integration/update_cluster/shared_subnet/kubernetes.tf +++ b/tests/integration/update_cluster/shared_subnet/kubernetes.tf @@ -411,7 +411,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedsubnet-example-c http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -493,7 +493,7 @@ resource "aws_launch_template" "nodes-sharedsubnet-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data index edb3c44a94..7695d19f6d 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data +++ b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_master-us-test-1a.masters.sharedvpc.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: sharedvpc.example.com ConfigBase: memfs://clusters.example.com/sharedvpc.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 3YCh3ulkOfZaSM42BZbdgTUMzKLqjP+aDAza4H/lEE0= +NodeupConfigHash: TWMoWpBK8qHHvmy0UKEC0nAAD06dgB5vu+Nq3mxhsGg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_nodes.sharedvpc.example.com_user_data b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_nodes.sharedvpc.example.com_user_data index 3599bdfb8c..ded7f47b2e 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_nodes.sharedvpc.example.com_user_data +++ b/tests/integration/update_cluster/shared_vpc/data/aws_launch_template_nodes.sharedvpc.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.sharedvpc.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: JVILxDaCMA/JQxC9oUwfLlFIMy5f4WLUR7MERdx6UXk= +NodeupConfigHash: 03xc+UTihEqt7xtdqh3WnCmRvtmw9uAhSl2gslGYxD4= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_cluster-completed.spec_content index 7f875ef4a1..49cbbc3271 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: sharedvpc.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: sharedvpc.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index dfdc6d12b6..a7ae408209 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: sharedvpc.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/sharedvpc.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/sharedvpc.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-nodes_content index f03dd7d3b3..c2060d976f 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index bb30528266..1bf416f327 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-bootstrap_content b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-bootstrap_content index f0a628890f..0e7afd62af 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: a5fb71a5c52f8b824777bc682da3814b7b27e41c30aba2e897cb67936154ccf8 + manifestHash: 38b43185120de69e389c3997b955618f884986b10d5f8e3e7318237117c82c89 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: ddc0ce25729bdab75f6ef6e7151715925513949eec1170975f82dfc21a5b6695 + manifestHash: 20ef7404a82b9fc3c21cfc5934d2cdb3acd19dc1952aa1e68c904b7e803f4eb7 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 60724b1f54..33ece639bb 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/shared_vpc/data/aws_s3_object_sharedvpc.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/shared_vpc/in-v1alpha2.yaml b/tests/integration/update_cluster/shared_vpc/in-v1alpha2.yaml index 0cbb5be206..eea82aefc4 100644 --- a/tests/integration/update_cluster/shared_vpc/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/shared_vpc/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.sharedvpc.example.com networkCIDR: 172.20.0.0/16 networkID: vpc-12345678 diff --git a/tests/integration/update_cluster/shared_vpc/kubernetes.tf b/tests/integration/update_cluster/shared_vpc/kubernetes.tf index 68be601fa6..81f92ee7eb 100644 --- a/tests/integration/update_cluster/shared_vpc/kubernetes.tf +++ b/tests/integration/update_cluster/shared_vpc/kubernetes.tf @@ -411,7 +411,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedvpc-example-com" http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -493,7 +493,7 @@ resource "aws_launch_template" "nodes-sharedvpc-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data index c5d869cf4c..252860c4f8 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal-ipv6.example.com ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: ova1xYqaZS5E5uQNAiCIBVHcoMGGf+DBLF5/WdCmsrM= +NodeupConfigHash: G0hPd4eCJMAGg6pYrHIo9wfKq54mPMVabGDoyBMD2Ys= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data index c9dc716360..44982fd21f 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal-ipv6.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: Suh4p0bTQdigoYjO1dUnjDxRE8QVjilE46kAJsS1hw8= +NodeupConfigHash: APtMtZEprhYFWmjygsGZC7lNfj9mFxTkuQ7aqfvRjgE= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_cluster-completed.spec_content index 9f2909b246..8e0f243cdb 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_cluster-completed.spec_content @@ -22,7 +22,7 @@ spec: allocateNodeCIDRs: false clusterName: minimal-ipv6.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -31,8 +31,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -81,10 +81,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -112,10 +109,7 @@ spec: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +132,10 @@ spec: - fd00:ec2::253 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -157,9 +148,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -171,7 +159,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.25.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -181,9 +169,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index cccab2c234..3089f7d99c 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -43,7 +43,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.25.15 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content index b1091896c9..676623b59b 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 789e163f90e57004cbe9f1ceffea4e30cda69da2e60bc05623404d85fa098bed + manifestHash: c0e588106cb050f6e2e8b10082da29b67937142de68a58f5d28d611169263131 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -106,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: deacc9b38bf6a0e9e88d9e9ca241948e85f05f4a2dd396461cde5fc60ab67e39 + manifestHash: a26b686d2e5ed0161da6ff083a66024102cd57a5ceb6471155fe814e16ed9710 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 0bbb7b366b..7f92a8042c 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content deleted file mode 100644 index 11ed6d46fd..0000000000 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -rules: -- apiGroups: - - coordination.k8s.io - resourceNames: - - cloud-provider-extraction-migration - resources: - - leases - verbs: - - create - - list - - get - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: leader-migration.rbac.addons.k8s.io - name: system::leader-locking-migration - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: system::leader-locking-migration -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: User - name: system:kube-controller-manager -- kind: ServiceAccount - name: kube-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: aws-cloud-controller-manager - namespace: kube-system -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index f14cae1b25..9453566332 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.25.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -240,19 +239,13 @@ ControlPlaneConfig: controllers: - '*' - -nodeipam - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.25.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.25.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: service-account: "2" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: ::/0 serviceClusterIPRange: fd00:5e4f:ce::/108 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-nodes_content index d21db8daff..62be24183b 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - 7f9183fce12606818612ce80b6c09757452c4fb50aefea5fc5843951c5020e24@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubelet - - e23cc7092218c95c22d8ee36fb9499194a36ac5b5349ca476886b7edc0203885@https://dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - 69572a7b3d179d4a479aa2e0f90e2f091d8d84ef33a35422fc89975dc137a590@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubelet - - 24db547bbae294c5c44f2b4a777e45f0e2f3d6295eace0d0c4be2b2dfa45330d@https://dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.25.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -25,7 +27,7 @@ KeypairIDs: kubernetes-ca: "6982820025135291416230495506" KubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.25.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -36,9 +38,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -49,7 +48,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.25.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: ::/0 serviceClusterIPRange: fd00:5e4f:ce::/108 @@ -57,7 +56,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/in-v1alpha2.yaml b/tests/integration/update_cluster/shared_vpc_ipv6/in-v1alpha2.yaml index 954403d603..86d2b4abff 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/shared_vpc_ipv6/in-v1alpha2.yaml @@ -30,7 +30,7 @@ spec: kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: v1.25.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal-ipv6.example.com networkCIDR: 172.20.0.0/16 networkID: vpc-12345678 diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/kubernetes.tf b/tests/integration/update_cluster/shared_vpc_ipv6/kubernetes.tf index 896b1da062..6c4778d74c 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/kubernetes.tf +++ b/tests/integration/update_cluster/shared_vpc_ipv6/kubernetes.tf @@ -465,7 +465,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -547,7 +547,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -907,14 +907,6 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-kubelet-api-rbac-addon server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-ipv6-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { - bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") - key = "clusters.example.com/minimal-ipv6.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" - provider = aws.files - server_side_encryption = "AES256" -} - resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-limit-range.addons.k8s.io_content") diff --git a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data index d0a8dd46a6..78a6da7a1a 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data +++ b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_master-us-test-1a.masters.unmanaged.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: unmanaged.example.com ConfigBase: memfs://clusters.example.com/unmanaged.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: vB751VwdGSEBu+XxAz1BYvCDODKU5uxOtZzrO5GwEEs= +NodeupConfigHash: 6nJb7sJeadxJnUHbDu+GEKQrAtxx6zKBIg60fO/i+TQ= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_nodes.unmanaged.example.com_user_data b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_nodes.unmanaged.example.com_user_data index 2de4fec430..341400d978 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_launch_template_nodes.unmanaged.example.com_user_data +++ b/tests/integration/update_cluster/unmanaged/data/aws_launch_template_nodes.unmanaged.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.unmanaged.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 3d72M+QofcXI3iMTzGRwvc9nhdMSOqd0IORgF4p0L1U= +NodeupConfigHash: 7aOz1O9etlUlJu29lWdUR7ejfTKywjc4IICwkDrbYFQ= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_cluster-completed.spec_content index 986a3a53dc..56112e4920 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_cluster-completed.spec_content @@ -20,7 +20,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: unmanaged.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -29,8 +29,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -79,10 +79,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -108,10 +105,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: unmanaged.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -133,13 +127,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -152,9 +143,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -165,7 +153,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -175,9 +163,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 998790ce21..6a52ec79a0 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,10 +25,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -58,21 +55,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -238,19 +237,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: unmanaged.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -281,7 +274,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -292,9 +285,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -309,7 +299,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -322,8 +312,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/unmanaged.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/unmanaged.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-nodes_content index fa1352dfe5..a80b063714 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index f9254bb094..dad26df660 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-bootstrap_content b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-bootstrap_content index e847b0ba1e..6ffda9e22f 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: dcd2e2c10ce874998e49749f3231e7a8bd03400cb2b7afa06d3bd9b4e212a9fa + manifestHash: e2e3831d7fb0e881d3517d2e35d21734460dc93ea948cbb80d4cda1c976b8f6c name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3c8f512da962ccc2d96abbcfaccb561e541e61d21a551353b81076d5748f569b + manifestHash: c6c6a5e86c45805ae2b7dd7f690023b1141208c24d37b501d545e05498a72d60 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index f72ff561d0..3e124cec1e 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/unmanaged/data/aws_s3_object_unmanaged.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/unmanaged/in-v1alpha2.yaml b/tests/integration/update_cluster/unmanaged/in-v1alpha2.yaml index 83ab534eef..7a97046389 100644 --- a/tests/integration/update_cluster/unmanaged/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/unmanaged/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.unmanaged.example.com networkID: vpc-12345678 networkCIDR: 172.20.0.0/16 diff --git a/tests/integration/update_cluster/unmanaged/kubernetes.tf b/tests/integration/update_cluster/unmanaged/kubernetes.tf index 3d3222f1e9..e8762d3559 100644 --- a/tests/integration/update_cluster/unmanaged/kubernetes.tf +++ b/tests/integration/update_cluster/unmanaged/kubernetes.tf @@ -546,7 +546,7 @@ resource "aws_launch_template" "bastion-unmanaged-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -619,7 +619,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-unmanaged-example-com" http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -701,7 +701,7 @@ resource "aws_launch_template" "nodes-unmanaged-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/tests/integration/update_cluster/vfs-said/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data b/tests/integration/update_cluster/vfs-said/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data index ef16068ce7..a7e5ee4cd8 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data +++ b/tests/integration/update_cluster/vfs-said/data/aws_launch_template_master-us-test-1a.masters.minimal.example.com_user_data @@ -130,7 +130,7 @@ ClusterName: minimal.example.com ConfigBase: memfs://clusters.example.com/minimal.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: ControlPlane -NodeupConfigHash: 7eHYq2LK1E2ckFYz8iTZKhMiwyKE9zZ4N9Iijh0av/c= +NodeupConfigHash: W8NFX6KK30qwqKrWITT68BWrONeCqODCE+WyT5XaCtg= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/vfs-said/data/aws_launch_template_nodes.minimal.example.com_user_data b/tests/integration/update_cluster/vfs-said/data/aws_launch_template_nodes.minimal.example.com_user_data index e6a1bb07bc..26c4acec16 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_launch_template_nodes.minimal.example.com_user_data +++ b/tests/integration/update_cluster/vfs-said/data/aws_launch_template_nodes.minimal.example.com_user_data @@ -153,7 +153,7 @@ ConfigServer: - https://kops-controller.internal.minimal.example.com:3988/ InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 8CZ7yLVzS//HUyyG0tIMtQkPj8eMl/QL1MNtZRcEDDE= +NodeupConfigHash: t2/12y7VXoGGNdtQIULeLhZDujjPhBAKUrRZmAAlMKU= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_cluster-completed.spec_content index 147a4de643..349b6c19a0 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_cluster-completed.spec_content @@ -18,7 +18,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 leaderElection: leaderElect: true cloudProvider: aws @@ -27,8 +27,8 @@ spec: containerd: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 dnsZone: Z1AFAKE1ZON3YO etcdClusters: - backups: @@ -77,10 +77,7 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -106,10 +103,7 @@ spec: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -131,13 +125,10 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 kubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -150,9 +141,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 @@ -163,7 +151,7 @@ spec: shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.26.0 + kubernetesVersion: 1.32.0 masterKubelet: anonymousAuth: false cgroupDriver: systemd @@ -173,9 +161,6 @@ spec: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 podInfraContainerImage: registry.k8s.io/pause:3.9 diff --git a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index 6a2ea02daa..adc407bc80 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-bootstrap_content index 2c3f3b4fdf..6696cb9bf5 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: d1f0f8dd525c00141e16a7716fe1b4380b53e1f028dc4fcf6eeed91e8b95f022 + manifestHash: 228514f5c6e5c8182c33ed224f1529ccdaf9d212cf5531007436c95ae9b421a7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 907342d510..4aa1194f1e 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_minimal.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -63,6 +63,8 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 + - name: KOPS_RUN_TOO_NEW_VERSION + value: "1" image: registry.k8s.io/kops/kops-controller:1.31.0-beta.1 name: kops-controller resources: diff --git a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index b5ef4fade7..54a6828c9d 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -26,10 +26,7 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.26.0 + image: registry.k8s.io/kube-apiserver:v1.32.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -59,21 +56,23 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 @@ -239,19 +238,13 @@ ControlPlaneConfig: clusterCIDR: 100.96.0.0/11 clusterName: minimal.example.com configureCloudRoutes: false - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.26.0 + image: registry.k8s.io/kube-controller-manager:v1.32.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true KubeScheduler: - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.26.0 + image: registry.k8s.io/kube-scheduler:v1.32.0 leaderElection: leaderElect: true logLevel: 2 @@ -282,7 +275,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -293,9 +286,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -310,7 +300,7 @@ KubeletConfig: shutdownGracePeriodCriticalPods: 10s taints: - node-role.kubernetes.io/control-plane=:NoSchedule -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -323,8 +313,8 @@ configStore: containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 etcdManifests: - memfs://clusters.example.com/minimal.example.com/manifests/etcd/main-master-us-test-1a.yaml - memfs://clusters.example.com/minimal.example.com/manifests/etcd/events-master-us-test-1a.yaml diff --git a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-nodes_content index 3b68234cbd..da75b50a11 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/vfs-said/data/aws_s3_object_nodeupconfig-nodes_content @@ -1,18 +1,20 @@ Assets: amd64: - - b64949fe696c77565edbe4100a315b6bf8f0e2325daeb762f7e865f16a6e54b5@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubelet - - b6769d8ac6a0ed0f13b307d289dc092ad86180b08f5b5044af152808c04950ae@https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl - - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz - - bb9a9ccd6517e2a54da748a9f60dc9aa9d79d19d4724663f2386812f083968e2@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-amd64.tar.gz - - f00b144e86f8c1db347a2e8f22caade07d55382c5f76dd5c0a5b1ab64eaec8bb@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64 + - 5ad4965598773d56a37a8e8429c3dc3d86b4c5c26d8417ab333ae345c053dae2@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubelet + - 646d58f6d98ee670a71d9cdffbf6625aeea2849d567f214bc43a35f8ccb7bf70@https://dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/amd64/kubectl + - 5035d7814c95cd3cedbc5efb447ef25a4942ef05caab2159746d55ce1698c74a@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/amd64/ecr-credential-provider-linux-amd64 + - 2503ce29ac445715ebe146073f45468153f9e28f45fa173cb060cfd9e735f563@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz + - f8b2d935d1f86003f4e0c1af3b9f0d2820bacabe6dc9f562785b74af24c5e468@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz + - a83c0804ebc16826829e7925626c4793da89a9b225bbcc468f2b338ea9f8e8a8@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64 - 71aee9d987b7fad0ff2ade50b038ad7e2356324edc02c54045960a3521b3e6a7@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-amd64.tar.gz - d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz arm64: - - fb033c1d079cac8babb04a25abecbc6cc1a2afb53f56ef1d73f8dc3b15b3c09e@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubelet - - 79b14e4ddada9e81d2989f36a89faa9e56f8abe6e0246e7bdc305c93c3731ea4@https://dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.26.0/bin/linux/arm64/kubectl - - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz,https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz - - c3e6a054b18b20fce06c7c3ed53f0989bb4b255c849bede446ebca955f07a9ce@https://github.com/containerd/containerd/releases/download/v1.6.20/containerd-1.6.20-linux-arm64.tar.gz - - 54e79e4d48b9e191767e4abc08be1a8476a1c757e9a9f8c45c6ded001226867f@https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.arm64 + - bda9b2324c96693b38c41ecea051bab4c7c434be5683050b5e19025b50dbc0bf@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubelet + - ba4004f98f3d3a7b7d2954ff0a424caa2c2b06b78c17b1dccf2acc76a311a896@https://dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl,https://cdn.dl.k8s.io/release/v1.32.0/bin/linux/arm64/kubectl + - b3d567bda9e2996fc1fbd9d13506bd16763d3865b5c7b0b3c4b48c6088c04481@https://artifacts.k8s.io/binaries/cloud-provider-aws/v1.27.1/linux/arm64/ecr-credential-provider-linux-arm64 + - f0f440b968ab50ad13d9d42d993ba98ec30b2ec666846f4ef1bddc7646a701cc@https://storage.googleapis.com/k8s-artifacts-cni/release/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz,https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-arm64-v1.6.1.tgz + - 48d0a8461ae829b12b07c3663b14b70287d0607a0792719c51b4e4dd700b02ce@https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-arm64.tar.gz + - 050ee97c266bf7d31e1474568ffcbb2a3ff2208087aaa238c8bbe7e398414126@https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.arm64 - d8df47708ca57b9cd7f498055126ba7dcfc811d9ba43aae1830c93a09e70e22d@https://github.com/containerd/nerdctl/releases/download/v1.7.4/nerdctl-1.7.4-linux-arm64.tar.gz - 0b615cfa00c331fb9c4524f3d4058a61cc487b33a3436d1269e7832cf283f925@https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz CAs: {} @@ -26,7 +28,7 @@ KeypairIDs: KubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.26.0 + image: registry.k8s.io/kube-proxy:v1.32.0 logLevel: 2 KubeletConfig: anonymousAuth: false @@ -37,9 +39,6 @@ KubeletConfig: clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% - featureGates: - CSIMigrationAWS: "true" - InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 nodeLabels: @@ -50,7 +49,7 @@ KubeletConfig: registerSchedulable: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s -KubernetesVersion: 1.26.0 +KubernetesVersion: 1.32.0 Networking: nonMasqueradeCIDR: 100.64.0.0/10 serviceClusterIPRange: 100.64.0.0/13 @@ -58,7 +57,7 @@ UpdatePolicy: automatic containerdConfig: logLevel: info runc: - version: 1.1.5 - version: 1.6.20 + version: 1.1.14 + version: 1.7.22 usesLegacyGossip: false usesNoneDNS: false diff --git a/tests/integration/update_cluster/vfs-said/in-v1alpha2.yaml b/tests/integration/update_cluster/vfs-said/in-v1alpha2.yaml index 0a11d4640d..236f50e2a6 100644 --- a/tests/integration/update_cluster/vfs-said/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/vfs-said/in-v1alpha2.yaml @@ -21,7 +21,7 @@ spec: iam: {} kubelet: anonymousAuth: false - kubernetesVersion: v1.26.0 + kubernetesVersion: v1.32.0 masterPublicName: api.minimal.example.com networkCIDR: 172.20.0.0/16 networking: diff --git a/tests/integration/update_cluster/vfs-said/kubernetes.tf b/tests/integration/update_cluster/vfs-said/kubernetes.tf index 91793b75e1..f411914105 100644 --- a/tests/integration/update_cluster/vfs-said/kubernetes.tf +++ b/tests/integration/update_cluster/vfs-said/kubernetes.tf @@ -441,7 +441,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -523,7 +523,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc-containerd/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc-containerd/manifest.yaml index a5c04d183f..6e198d9a3e 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc-containerd/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc-containerd/manifest.yaml @@ -107,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml index a5c04d183f..6e198d9a3e 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml @@ -107,7 +107,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml index 83fd366cd7..87ca1822c2 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/aws-cloud-controller.addons.k8s.io-k8s-1.18.yaml @@ -44,7 +44,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.26.12 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.31.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml index 9d20fcd148..65dbfb0483 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 850dd51121c3ea4eb2ce31f16862580c71e721c13593c6e60e9ab6724cf2b123 + manifestHash: 494762e346e6a111ec4a9d304f46c91487b597e7280001d1dbabde02ef0057cd name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/crd/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/crd/manifest.yaml index b636c7a37b..f54d077977 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/crd/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/crd/manifest.yaml @@ -106,7 +106,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/mappings/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/mappings/manifest.yaml index 06a7ffd204..0818b62525 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/mappings/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/mappings/manifest.yaml @@ -106,7 +106,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/coredns/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/coredns/manifest.yaml index 4e7fa23586..ae48acf083 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/coredns/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/coredns/manifest.yaml @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml index fa1837f61d..f8a15ba503 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -121,7 +114,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: d6c71f99d6cb21362bbfaf25aa6c388e68f29f750a002f4b6c073c42ee4c44fa + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml index 178a380cac..85541fa758 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml @@ -26,13 +26,6 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 - - id: k8s-1.23 - manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml - manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 - name: leader-migration.rbac.addons.k8s.io - selector: - k8s-addon: leader-migration.rbac.addons.k8s.io - version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -178,7 +171,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: d6c71f99d6cb21362bbfaf25aa6c388e68f29f750a002f4b6c073c42ee4c44fa + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml index 389ea61a8e..4005b8efb1 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml @@ -99,7 +99,7 @@ spec: version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: 3891146b4343ab2797e82da20fd4b93fa8f09ab95f694ad9ebab4a53e78c061f + manifestHash: 60e82d4f6ecd2c3b7d0a7d8d72ec78dae235dd75cd0711db0cd6a5c811466993 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io