From f5954e13880c9bef46263678dd792f7dc3028f3d Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Sat, 21 May 2022 10:43:13 +0200 Subject: [PATCH 1/5] Switch Calico integration tests to k8s v1.24 --- cmd/kops/integration_test.go | 14 ++-- .../minimal-ipv6-calico/in-v1alpha2.yaml | 74 +++++++++++-------- .../privatecalico/in-v1alpha2.yaml | 42 +++++++---- 3 files changed, 75 insertions(+), 55 deletions(-) diff --git a/cmd/kops/integration_test.go b/cmd/kops/integration_test.go index d5f70e4123..d3fbf00e72 100644 --- a/cmd/kops/integration_test.go +++ b/cmd/kops/integration_test.go @@ -181,11 +181,13 @@ func (i *integrationTest) withAddons(addons ...string) *integrationTest { } const ( - dnsControllerAddon = "dns-controller.addons.k8s.io-k8s-1.12" awsCCMAddon = "aws-cloud-controller.addons.k8s.io-k8s-1.18" awsEBSCSIAddon = "aws-ebs-csi-driver.addons.k8s.io-k8s-1.17" - leaderElectionAddon = "leader-migration.rbac.addons.k8s.io-k8s-1.23" + calicoAddon = "networking.projectcalico.org-k8s-1.23" certManagerAddon = "certmanager.io-k8s-1.16" + ciliumAddon = "networking.cilium.io-k8s-1.16" + dnsControllerAddon = "dns-controller.addons.k8s.io-k8s-1.12" + leaderElectionAddon = "leader-migration.rbac.addons.k8s.io-k8s-1.23" ) // TestMinimal runs the test on a minimum configuration, similar to kops create cluster minimal.example.com --zones us-west-1a @@ -325,7 +327,7 @@ func TestMinimalIPv6Private(t *testing.T) { // TestMinimalIPv6Calico runs the test on a minimum IPv6 configuration with Calico func TestMinimalIPv6Calico(t *testing.T) { newIntegrationTest("minimal-ipv6.example.com", "minimal-ipv6-calico"). - withAddons(awsCCMAddon, awsEBSCSIAddon, calicoAddon, dnsControllerAddon). + withAddons(calicoAddon, awsCCMAddon, awsEBSCSIAddon, dnsControllerAddon, leaderElectionAddon). runTestTerraformAWS(t) newIntegrationTest("minimal-ipv6.example.com", "minimal-ipv6-calico").runTestCloudformation(t) } 
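Review bot: Moving `calicoAddon` to `"networking.projectcalico.org-k8s-1.23"` in the const block, with both Calico tests in this patch switched to v1.24, leaves no test visible in this patch pinned to the `k8s-1.16` Calico manifest. The follow-up patch renames the `...projectcalico.org-k8s-1.16_content` expected files rather than keeping them, so if that manifest is still shipped for older clusters, changes to its RBAC and DaemonSet settings would no longer appear in a golden-file diff. Consider keeping one Calico fixture on an older `kubernetesVersion`, or state in the commit message that the older manifest is covered elsewhere. A short comment on the block would also help, for example `// The k8s-X.Y suffix is the addon manifest id, not the cluster's Kubernetes version.` The const block and other users of `calicoAddon` may extend outside the hunks shown.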
@@ -405,21 +407,17 @@ func TestPrivateFlannel(t *testing.T) { runTestTerraformAWS(t) } -const calicoAddon = "networking.projectcalico.org-k8s-1.16" - // TestPrivateCalico runs the test on a configuration with private topology, calico networking func TestPrivateCalico(t *testing.T) { newIntegrationTest("privatecalico.example.com", "privatecalico"). withPrivate(). - withAddons(calicoAddon, dnsControllerAddon). + withAddons(calicoAddon, awsCCMAddon, awsEBSCSIAddon, dnsControllerAddon, leaderElectionAddon). runTestTerraformAWS(t) newIntegrationTest("privatecalico.example.com", "privatecalico"). withPrivate(). runTestCloudformation(t) } -const ciliumAddon = "networking.cilium.io-k8s-1.16" - func TestPrivateCilium(t *testing.T) { newIntegrationTest("privatecilium.example.com", "privatecilium"). withPrivate(). diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-ipv6-calico/in-v1alpha2.yaml index c5cd270afa..290532cc8d 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/minimal-ipv6-calico/in-v1alpha2.yaml @@ -8,12 +8,6 @@ spec: loadBalancer: type: Public class: Network - kubernetesApiAccess: - - 0.0.0.0/0 - - ::/0 - sshAccess: - - 0.0.0.0/0 - - ::/0 channel: stable cloudConfig: awsEBSCSIDriver: 
@@ -30,25 +24,33 @@ spec: - instanceGroup: master-us-test-1a name: us-test-1a name: events - iam: {} + iam: + allowContainerRegistry: true + legacy: false kubelet: anonymousAuth: false - kubernetesVersion: v1.21.0 + kubernetesApiAccess: + - 0.0.0.0/0 + - ::/0 + kubernetesVersion: v1.24.0 masterInternalName: api.internal.minimal-ipv6.example.com masterPublicName: api.minimal-ipv6.example.com networkCIDR: 172.20.0.0/16 networking: calico: {} nonMasqueradeCIDR: ::/0 - topology: - masters: public - nodes: public + sshAccess: + - 0.0.0.0/0 + - ::/0 subnets: - cidr: 172.20.32.0/19 ipv6CIDR: 2001:db8:0:111::/64 name: us-test-1a type: Public zone: us-test-1a + topology: + masters: public + nodes: public --- 
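Review bot: Replacing `iam: {}` with `allowContainerRegistry: true` is not part of a Kubernetes version switch, and it widens what the fixture grants. The regenerated master and node policies in the second patch each gain seven `ecr:` read actions as a result. The same change is made in the privatecalico fixture (hunk `-18,10 +20,15`). If the ECR grant is not needed for the v1.24 expectations, `iam:` with only `legacy: false` keeps the policies as they were; otherwise the commit message should say why it is enabled. Because this hunk also reorders `kubernetesApiAccess`, `sshAccess` and `topology`, the semantic changes are easy to miss among the moved keys.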
@@ -56,34 +58,42 @@ apiVersion: kops.k8s.io/v1alpha2 kind: InstanceGroup metadata: creationTimestamp: "2016-12-10T22:42:28Z" - name: nodes labels: kops.k8s.io/cluster: minimal-ipv6.example.com -spec: - associatePublicIp: true - image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 - machineType: t2.medium - maxSize: 2 - minSize: 2 - role: Node - subnets: - - us-test-1a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2016-12-10T22:42:28Z" name: master-us-test-1a - labels: - kops.k8s.io/cluster: minimal-ipv6.example.com spec: - associatePublicIp: true image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 - machineType: m3.medium + instanceMetadata: + httpPutResponseHopLimit: 1 + httpTokens: required + machineType: t3.medium maxSize: 1 minSize: 1 + nodeLabels: + kops.k8s.io/instancegroup: master-us-test-1a role: Master subnets: - us-test-1a + +--- + +apiVersion: kops.k8s.io/v1alpha2 +kind: InstanceGroup +metadata: + creationTimestamp: "2016-12-10T22:42:28Z" + labels: + kops.k8s.io/cluster: minimal-ipv6.example.com + name: nodes +spec: + image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 + instanceMetadata: + httpPutResponseHopLimit: 3 + httpTokens: required + machineType: t3.medium + maxSize: 1 + minSize: 1 + nodeLabels: + kops.k8s.io/instancegroup: nodes + role: Node + subnets: + - us-test-1a diff --git a/tests/integration/update_cluster/privatecalico/in-v1alpha2.yaml b/tests/integration/update_cluster/privatecalico/in-v1alpha2.yaml index 0458aeaa46..f24b22e8b2 100644 --- a/tests/integration/update_cluster/privatecalico/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatecalico/in-v1alpha2.yaml 
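Review bot: The `nodes` group is given `httpPutResponseHopLimit: 3` while `master-us-test-1a` gets `1`, so the looser IMDS setting lands on the group that runs ordinary workloads. A hop limit above 1 generally lets a container on the pod network complete the IMDSv2 token request and read the instance role's credentials, and that role also gains the `ecr:` actions in this patch. If nothing scheduled on the nodes needs IMDS, `httpPutResponseHopLimit: 1` is the tighter value; otherwise add a YAML comment naming the component that needs the extra hops. The same pair of values is added to the privatecalico master and nodes groups in later hunks. This hunk also lowers the nodes group from `maxSize: 2`/`minSize: 2` to 1 and drops `associatePublicIp: true`, neither of which the commit title mentions.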
@@ -4,9 +4,11 @@ metadata: creationTimestamp: "2016-12-12T04:13:14Z" name: privatecalico.example.com spec: - kubernetesApiAccess: - - 0.0.0.0/0 channel: stable + cloudConfig: + awsEBSCSIDriver: + enabled: true + cloudControllerManager: {} cloudProvider: aws configBase: memfs://clusters.example.com/privatecalico.example.com etcdClusters: @@ -18,10 +20,15 @@ spec: - instanceGroup: master-us-test-1a name: us-test-1a name: events - iam: {} + iam: + allowContainerRegistry: true + legacy: false kubelet: anonymousAuth: false - kubernetesVersion: v1.21.0 + kubernetesApiAccess: + - 0.0.0.0/0 + - ::/0 + kubernetesVersion: v1.24.0 masterInternalName: api.internal.privatecalico.example.com masterPublicName: api.privatecalico.example.com networkCIDR: 172.20.0.0/16 @@ -30,9 +37,7 @@ spec: nonMasqueradeCIDR: 100.64.0.0/10 sshAccess: - 0.0.0.0/0 - topology: - masters: private - nodes: private + - ::/0 subnets: - cidr: 172.20.32.0/19 name: us-test-1a @@ -42,6 +47,9 @@ spec: name: utility-us-test-1a type: Utility zone: us-test-1a + topology: + masters: private + nodes: private --- @@ -49,13 +57,15 @@ apiVersion: kops.k8s.io/v1alpha2 kind: InstanceGroup metadata: creationTimestamp: "2016-12-12T04:13:15Z" - name: master-us-test-1a labels: kops.k8s.io/cluster: privatecalico.example.com + name: master-us-test-1a spec: - associatePublicIp: true image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 - machineType: m3.medium + instanceMetadata: + httpPutResponseHopLimit: 1 + httpTokens: required + machineType: t3.medium maxSize: 1 minSize: 1 role: Master 
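Review bot: `- ::/0` is added under `kubernetesApiAccess` (hunk `-18,10 +20,15`) and under `sshAccess` (hunk `-30,9 +37,7`), although the lines shown give no sign that this cluster is IPv6: `nonMasqueradeCIDR` is `100.64.0.0/10` and the visible subnet has no `ipv6CIDR`. This presumably adds any-source IPv6 rules for the API and SSH to the expected security groups, which is a widening unrelated to the version bump. Keeping only `- 0.0.0.0/0` in both lists would limit the golden-file change to what v1.24 requires; if the IPv6 entries are intentional, the commit message should say so.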
@@ -68,13 +78,15 @@ apiVersion: kops.k8s.io/v1alpha2 kind: InstanceGroup metadata: creationTimestamp: "2016-12-12T04:13:15Z" - name: nodes labels: kops.k8s.io/cluster: privatecalico.example.com + name: nodes spec: - associatePublicIp: true image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 - machineType: t2.medium + instanceMetadata: + httpPutResponseHopLimit: 3 + httpTokens: required + machineType: t3.medium maxSize: 2 minSize: 2 role: Node @@ -88,13 +100,13 @@ apiVersion: kops.k8s.io/v1alpha2 kind: InstanceGroup metadata: creationTimestamp: "2016-12-14T15:32:41Z" - name: bastion labels: kops.k8s.io/cluster: privatecalico.example.com + name: bastion spec: associatePublicIp: true image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 - machineType: t2.micro + machineType: t3.micro maxSize: 1 minSize: 1 role: Bastion From 105fe1a8a6c53cde0aabf89c6dd1acff77c2b5b2 Mon Sep 17 00:00:00 2001 
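Review bot: The `bastion` group in the last hunk gets only the `t3.micro` change and a reordered `name`. It is therefore the one group in this fixture that keeps `associatePublicIp: true` and receives no `instanceMetadata` block. In the regenerated minimal-ipv6-calico template of the second patch, `"HttpTokens": "optional"` becomes `"required"` only for groups that gained the block, so the bastion launch template presumably stays on optional tokens. Adding `instanceMetadata:` with `httpPutResponseHopLimit: 1` and `httpTokens: required` would bring the internet-facing host in line with the master group.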
From: Ciprian Hacman Date: Mon, 23 May 2022 18:37:17 +0300 Subject: [PATCH 2/5] Run hack/update-expected.sh --- .../minimal-ipv6-calico/cloudformation.json | 97 +-- .../cloudformation.json.extracted.yaml | 28 +- ...cy_masters.minimal-ipv6.example.com_policy | 21 +- ...licy_nodes.minimal-ipv6.example.com_policy | 7 + ...masters.minimal-ipv6.example.com_user_data | 20 +- ...e_nodes.minimal-ipv6.example.com_user_data | 8 +- ...s_s3_object_cluster-completed.spec_content | 24 +- ...s3_object_etcd-cluster-spec-events_content | 2 +- ...s_s3_object_etcd-cluster-spec-main_content | 2 +- ...-controller.addons.k8s.io-k8s-1.18_content | 3 +- ...-ipv6.example.com-addons-bootstrap_content | 17 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 +- ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 ++ ...orking.projectcalico.org-k8s-1.23_content} | 264 +++++- ...ect_nodeupconfig-master-us-test-1a_content | 28 +- .../aws_s3_object_nodeupconfig-nodes_content | 25 +- .../minimal-ipv6-calico/kubernetes.tf | 75 +- .../privatecalico/cloudformation.json | 198 ++--- .../cloudformation.json.extracted.yaml | 62 +- ...y_masters.privatecalico.example.com_policy | 87 +- ...icy_nodes.privatecalico.example.com_policy | 7 + ...asters.privatecalico.example.com_user_data | 46 +- ..._nodes.privatecalico.example.com_user_data | 16 +- ...s_s3_object_cluster-completed.spec_content | 58 +- ...s3_object_etcd-cluster-spec-events_content | 2 +- ...s_s3_object_etcd-cluster-spec-main_content | 2 +- ...ect_nodeupconfig-master-us-test-1a_content | 37 +- .../aws_s3_object_nodeupconfig-nodes_content | 29 +- ...-controller.addons.k8s.io-k8s-1.18_content | 238 ++++++ ...-csi-driver.addons.k8s.io-k8s-1.17_content | 777 ++++++++++++++++++ ...alico.example.com-addons-bootstrap_content | 31 +- ...-controller.addons.k8s.io-k8s-1.16_content | 2 +- ...ration.rbac.addons.k8s.io-k8s-1.23_content | 52 ++ ...orking.projectcalico.org-k8s-1.23_content} | 262 +++++- ...-storage-aws.addons.k8s.io-v1.15.0_content | 22 +- 
.../privatecalico/kubernetes.tf | 117 +-- 36 files changed, 2186 insertions(+), 534 deletions(-) create mode 100644 tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content rename tests/integration/update_cluster/minimal-ipv6-calico/data/{aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.16_content => aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.23_content} (94%) create mode 100644 tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content create mode 100644 tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content create mode 100644 tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content rename tests/integration/update_cluster/privatecalico/data/{aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.16_content => aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.23_content} (94%) diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/cloudformation.json b/tests/integration/update_cluster/minimal-ipv6-calico/cloudformation.json index fd59682e88..66da6103e6 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/cloudformation.json +++ b/tests/integration/update_cluster/minimal-ipv6-calico/cloudformation.json 
@@ -33,26 +33,21 @@ "Value": "master-us-test-1a.masters.minimal-ipv6.example.com", "PropagateAtLaunch": true }, + { + "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup", + "Value": "master-us-test-1a", + "PropagateAtLaunch": true + }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki", "Value": "", "PropagateAtLaunch": true }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "master", - "PropagateAtLaunch": true - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane", "Value": "", "PropagateAtLaunch": true }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master", - "Value": "", - "PropagateAtLaunch": true - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers", "Value": "", @@ -111,8 +106,8 @@ ] } }, - "MaxSize": "2", - "MinSize": "2", + "MaxSize": "1", + "MinSize": "1", "VPCZoneIdentifier": [ { "Ref": "AWSEC2Subnetustest1aminimalipv6examplecom" @@ -130,8 +125,8 @@ "PropagateAtLaunch": true }, { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "node", + "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup", + "Value": "nodes", "PropagateAtLaunch": true }, { @@ -250,10 +245,6 @@ "DeleteOnTermination": true, "Encrypted": true } - }, - { - "DeviceName": "/dev/sdc", - "VirtualName": "ephemeral0" } ], "IamInstanceProfile": { @@ -262,11 +253,11 @@ } }, "ImageId": "ami-12345678", - "InstanceType": "m3.medium", + "InstanceType": "t3.medium", "KeyName": "kubernetes.minimal-ipv6.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "Monitoring": { "Enabled": false 
@@ -296,22 +287,18 @@ "Key": "Name", "Value": "master-us-test-1a.masters.minimal-ipv6.example.com" }, + { + "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup", + "Value": "master-us-test-1a" + }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki", "Value": "" }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "master" - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane", "Value": "" }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master", - "Value": "" - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers", "Value": "" @@ -341,22 +328,18 @@ "Key": "Name", "Value": "master-us-test-1a.masters.minimal-ipv6.example.com" }, + { + "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup", + "Value": "master-us-test-1a" + }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki", "Value": "" }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "master" - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane", "Value": "" }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master", - "Value": "" - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers", "Value": "" @@ -404,11 +387,11 @@ } }, "ImageId": "ami-12345678", - "InstanceType": "t2.medium", + "InstanceType": "t3.medium", "KeyName": "kubernetes.minimal-ipv6.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { - "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpPutResponseHopLimit": 3, + "HttpTokens": "required" }, "Monitoring": { "Enabled": false 
@@ -439,8 +422,8 @@ "Value": "nodes.minimal-ipv6.example.com" }, { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "node" + "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup", + "Value": "nodes" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node", @@ -472,8 +455,8 @@ "Value": "nodes.minimal-ipv6.example.com" }, { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "node" + "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup", + "Value": "nodes" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node", @@ -1423,13 +1406,6 @@ "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", "ec2:AssignIpv6Addresses", - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DeleteRoute", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", 
@@ -1443,20 +1419,20 @@ "ec2:DescribeVolumes", "ec2:DescribeVolumesModifications", "ec2:DescribeVpcs", - "ec2:DetachVolume", - "ec2:ModifyInstanceAttribute", "ec2:ModifyNetworkInterfaceAttribute", - "ec2:ModifyVolume", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateTargetGroup", + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:DescribeRepositories", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:ListImages", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:RegisterTargets", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:DescribeKey", @@ -1576,6 +1552,13 @@ "ec2:DescribeInstances", "ec2:DescribeRegions", "ec2:ModifyNetworkInterfaceAttribute", + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:DescribeRepositories", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:ListImages", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/minimal-ipv6-calico/cloudformation.json.extracted.yaml index da61cdf5a1..0f2b1441a9 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/minimal-ipv6-calico/cloudformation.json.extracted.yaml 
@@ -135,15 +135,15 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalipv6examplecom.Propert containerRuntime: containerd containerd: logLevel: info - version: 1.4.12 + version: 1.6.4 docker: skipInstall: true encryptionConfig: null etcdClusters: events: - version: 3.4.13 + version: 3.5.4 main: - version: 3.4.13 + version: 3.5.4 kubeAPIServer: allowPrivileged: true anonymousAuth: false @@ -170,7 +170,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalipv6examplecom.Propert featureGates: CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.21.0 + image: registry.k8s.io/kube-apiserver:v1.24.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -201,20 +201,20 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalipv6examplecom.Propert featureGates: CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.21.0 + image: registry.k8s.io/kube-controller-manager:v1.24.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.21.0 + image: registry.k8s.io/kube-proxy:v1.24.0 logLevel: 2 kubeScheduler: featureGates: CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.21.0 + image: registry.k8s.io/kube-scheduler:v1.24.0 leaderElection: leaderElect: true logLevel: 2 @@ -232,9 +232,9 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalipv6examplecom.Propert InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s masterKubelet: 
@@ -251,9 +251,9 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalipv6examplecom.Propert InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true registerSchedulable: false shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s @@ -265,7 +265,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalipv6examplecom.Propert ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: Master - NodeupConfigHash: MK0ADjiimAJft3zga357N1BVO5pDNmYLFsWDE8ejK2Q= + NodeupConfigHash: MBtPdYem3jr0OrwuTXnCWCDdA1tVBlNyFRg7sn26fds= __EOF_KUBE_ENV @@ -408,12 +408,12 @@ Resources.AWSEC2LaunchTemplatenodesminimalipv6examplecom.Properties.LaunchTempla containerRuntime: containerd containerd: logLevel: info - version: 1.4.12 + version: 1.6.4 docker: skipInstall: true kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.21.0 + image: registry.k8s.io/kube-proxy:v1.24.0 logLevel: 2 kubelet: anonymousAuth: false @@ -429,9 +429,9 @@ Resources.AWSEC2LaunchTemplatenodesminimalipv6examplecom.Properties.LaunchTempla InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s @@ -442,7 +442,7 @@ Resources.AWSEC2LaunchTemplatenodesminimalipv6examplecom.Properties.LaunchTempla ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: nodes InstanceGroupRole: Node - NodeupConfigHash: jycf2UcZw5xd4lE+V/y/LowQ7qd9dg7399iHXUaYxF0= + NodeupConfigHash: bj/aCfw/GsuQbjywSyLjG0xl9bAo8+ZXkgr+63Q5l9s= __EOF_KUBE_ENV 
diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy index 1c55cb9726..da8d6112a8 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy @@ -170,13 +170,6 @@ "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", "ec2:AssignIpv6Addresses", - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DeleteRoute", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", @@ -190,20 +183,20 @@ "ec2:DescribeVolumes", "ec2:DescribeVolumesModifications", "ec2:DescribeVpcs", - "ec2:DetachVolume", - "ec2:ModifyInstanceAttribute", "ec2:ModifyNetworkInterfaceAttribute", - "ec2:ModifyVolume", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateTargetGroup", + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:DescribeRepositories", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:ListImages", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:RegisterTargets", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:DescribeKey", 
diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy index c2e67b889c..51663fc7cd 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy @@ -32,6 +32,13 @@ "ec2:DescribeInstances", "ec2:DescribeRegions", "ec2:ModifyNetworkInterfaceAttribute", + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:DescribeRepositories", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:ListImages", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data index b5bdd854d6..9c5bceab20 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_master-us-test-1a.masters.minimal-ipv6.example.com_user_data @@ -134,15 +134,15 @@ cloudConfig: containerRuntime: containerd containerd: logLevel: info - version: 1.4.12 + version: 1.6.4 docker: skipInstall: true encryptionConfig: null etcdClusters: events: - version: 3.4.13 + version: 3.5.4 main: - version: 3.4.13 + version: 3.5.4 kubeAPIServer: allowPrivileged: true anonymousAuth: false 
@@ -169,7 +169,7 @@ kubeAPIServer: featureGates: CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.21.0 + image: registry.k8s.io/kube-apiserver:v1.24.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -200,20 +200,20 @@ kubeControllerManager: featureGates: CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.21.0 + image: registry.k8s.io/kube-controller-manager:v1.24.0 leaderElection: leaderElect: true logLevel: 2 useServiceAccountCredentials: true kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.21.0 + image: registry.k8s.io/kube-proxy:v1.24.0 logLevel: 2 kubeScheduler: featureGates: CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.21.0 + image: registry.k8s.io/kube-scheduler:v1.24.0 leaderElection: leaderElect: true logLevel: 2 @@ -231,9 +231,9 @@ kubelet: InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s masterKubelet: @@ -250,9 +250,9 @@ masterKubelet: InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true registerSchedulable: false shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s @@ -264,7 +264,7 @@ CloudProvider: aws ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: Master -NodeupConfigHash: MK0ADjiimAJft3zga357N1BVO5pDNmYLFsWDE8ejK2Q= +NodeupConfigHash: MBtPdYem3jr0OrwuTXnCWCDdA1tVBlNyFRg7sn26fds= __EOF_KUBE_ENV 
diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data index 0f885110a0..ac56824a68 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_launch_template_nodes.minimal-ipv6.example.com_user_data @@ -134,12 +134,12 @@ cloudConfig: containerRuntime: containerd containerd: logLevel: info - version: 1.4.12 + version: 1.6.4 docker: skipInstall: true kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.21.0 + image: registry.k8s.io/kube-proxy:v1.24.0 logLevel: 2 kubelet: anonymousAuth: false @@ -155,9 +155,9 @@ kubelet: InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s @@ -168,7 +168,7 @@ CloudProvider: aws ConfigBase: memfs://clusters.example.com/minimal-ipv6.example.com InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: jycf2UcZw5xd4lE+V/y/LowQ7qd9dg7399iHXUaYxF0= +NodeupConfigHash: bj/aCfw/GsuQbjywSyLjG0xl9bAo8+ZXkgr+63Q5l9s= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_cluster-completed.spec_content index 38796df796..e233000f02 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_cluster-completed.spec_content 
@@ -24,7 +24,8 @@ spec: clusterCIDR: ::/0 clusterName: minimal-ipv6.example.com configureCloudRoutes: false - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.21.0-alpha.0 + enableLeaderMigration: true + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.24.0 leaderElection: leaderElect: true cloudProvider: aws @@ -34,7 +35,7 @@ spec: containerRuntime: containerd containerd: logLevel: info - version: 1.4.12 + version: 1.6.4 dnsZone: Z1AFAKE1ZON3YO docker: skipInstall: true @@ -45,17 +46,18 @@ spec: - instanceGroup: master-us-test-1a name: us-test-1a name: main - version: 3.4.13 + version: 3.5.4 - backups: backupStore: memfs://clusters.example.com/minimal-ipv6.example.com/backups/etcd/events etcdMembers: - instanceGroup: master-us-test-1a name: us-test-1a name: events - version: 3.4.13 + version: 3.5.4 externalDns: provider: dns-controller iam: + allowContainerRegistry: true legacy: false keyStore: memfs://clusters.example.com/minimal-ipv6.example.com/pki kubeAPIServer: @@ -84,7 +86,7 @@ spec: featureGates: CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.21.0 + image: registry.k8s.io/kube-apiserver:v1.24.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -115,7 +117,7 @@ spec: featureGates: CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-controller-manager:v1.21.0 + image: registry.k8s.io/kube-controller-manager:v1.24.0 leaderElection: leaderElect: true logLevel: 2 @@ -138,13 +140,13 @@ spec: - fd00:ec2::253 kubeProxy: cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.21.0 + image: registry.k8s.io/kube-proxy:v1.24.0 logLevel: 2 kubeScheduler: featureGates: CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-scheduler:v1.21.0 + image: registry.k8s.io/kube-scheduler:v1.24.0 leaderElection: leaderElect: true logLevel: 2 
@@ -162,15 +164,15 @@ spec: InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - ::/0 - kubernetesVersion: 1.21.0 + kubernetesVersion: 1.24.0 masterInternalName: api.internal.minimal-ipv6.example.com masterKubelet: anonymousAuth: false @@ -186,9 +188,9 @@ spec: InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true registerSchedulable: false shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_etcd-cluster-spec-events_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_etcd-cluster-spec-events_content index bb8ddb0e2e..06759fa2b2 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_etcd-cluster-spec-events_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_etcd-cluster-spec-events_content @@ -1,4 +1,4 @@ { "memberCount": 1, - "etcdVersion": "3.4.13" + "etcdVersion": "3.5.4" } diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_etcd-cluster-spec-main_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_etcd-cluster-spec-main_content index bb8ddb0e2e..06759fa2b2 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_etcd-cluster-spec-main_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_etcd-cluster-spec-main_content 
@@ -1,4 +1,4 @@ { "memberCount": 1, - "etcdVersion": "3.4.13" + "etcdVersion": "3.5.4" } diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content index fa1f8e83e8..7df02444b8 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content @@ -36,6 +36,7 @@ spec: - --cluster-cidr=::/0 - --cluster-name=minimal-ipv6.example.com - --configure-cloud-routes=false + - --enable-leader-migration=true - --leader-elect=true - --v=2 - --cloud-provider=aws @@ -44,7 +45,7 @@ spec: env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 - image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.21.0-alpha.0 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.24.0 imagePullPolicy: IfNotPresent name: aws-cloud-controller-manager resources: diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content index 9964122251..f902f522e2 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content 
@@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: 5b7e53ee665b7e270177015b871983a7007453b46ea1f2a2f22065599f84acc8 + manifestHash: e821fd386a318a8c09073db77ec873aa0d886b3d696ecdd0457098c6df415749 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: @@ -32,6 +32,13 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 + - id: k8s-1.23 + manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml + manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 + name: leader-migration.rbac.addons.k8s.io + selector: + k8s-addon: leader-migration.rbac.addons.k8s.io + version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -52,16 +59,16 @@ spec: selector: k8s-addon: storage-aws.addons.k8s.io version: 9.99.0 - - id: k8s-1.16 - manifest: networking.projectcalico.org/k8s-1.16.yaml - manifestHash: d58f4bf07be4093602410eeffd47a37125a74dfb2afd654a6d154c5017010e7a + - id: k8s-1.23 + manifest: networking.projectcalico.org/k8s-1.23.yaml + manifestHash: 668665e8c8cddfd1e660e2f80831c3277d88d3cea36dc9051ed4e15a9c0749c3 name: networking.projectcalico.org selector: role.kubernetes.io/networking: "1" version: 9.99.0 - id: k8s-1.18 manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml - manifestHash: b81b968335bd806a35ab6a455a7a682cb03b6723fcf0a0061b1206661d1163ba + manifestHash: f0de0a1dc002589f04dfd37c587f2ab60c37389ad8377cc4bd00ccfa178a00a6 name: aws-cloud-controller.addons.k8s.io selector: k8s-addon: aws-cloud-controller.addons.k8s.io 
diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 44dce445e6..b3907091f2 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -1,7 +1,7 @@ apiVersion: v1 data: config.yaml: | - {"cloud":"aws","configBase":"memfs://clusters.example.com/minimal-ipv6.example.com","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.minimal-ipv6.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]},"enableCloudIPAM":true} + {"cloud":"aws","configBase":"memfs://clusters.example.com/minimal-ipv6.example.com","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.minimal-ipv6.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"],"useInstanceIDForNodeName":true},"enableCloudIPAM":true} kind: ConfigMap metadata: creationTimestamp: null 
diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content new file mode 100644 index 0000000000..11ed6d46fd --- /dev/null +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content @@ -0,0 +1,52 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: leader-migration.rbac.addons.k8s.io + name: system::leader-locking-migration + namespace: kube-system +rules: +- apiGroups: + - coordination.k8s.io + resourceNames: + - cloud-provider-extraction-migration + resources: + - leases + verbs: + - create + - list + - get + - update + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: leader-migration.rbac.addons.k8s.io + name: system::leader-locking-migration + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: system::leader-locking-migration +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: User + name: system:kube-controller-manager +- kind: ServiceAccount + name: kube-controller-manager + namespace: kube-system +- kind: ServiceAccount + name: aws-cloud-controller-manager + namespace: kube-system +- kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system 
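Review bot: In the new `system::leader-locking-migration` Role, `create` and `list` share a rule with `resourceNames: [cloud-provider-extraction-migration]`, but Kubernetes RBAC cannot scope `create` by resource name, and `list` only matches when the client sends a `metadata.name` field selector. As written, the rule most likely does not authorize creating the lease, so creation has to be covered by another rule or the lease must already exist. This file looks like a rendered fixture, so the change belongs in the addon template that produces it: either drop the two verbs or add a comment such as `# create/list are not narrowed by resourceNames; lease creation is authorized elsewhere`. The RoleBinding also lists the `cloud-controller-manager` ServiceAccount next to `aws-cloud-controller-manager`; if only the latter is deployed for AWS clusters, removing the unused subject keeps the binding limited to identities that actually exist.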
diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.16_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.23_content similarity index 94% rename from tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.16_content rename to tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.23_content index f902339984..5407dbb3f0 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.23_content @@ -17,7 +17,7 @@ data: "assign_ipv4": "false", "assign_ipv6": "true", "type": "host-local", - "ranges": [[{ "subnet": "usePodCidr" }]] + "ranges": [[{ "subnet": "usePodCidrIPv6" }]] }, "policy": { "type": "k8s" @@ -94,6 +94,12 @@ spec: 64512]' format: int32 type: integer + bindMode: + description: BindMode indicates whether to listen for BGP connections + on all addresses (None) or only on the node's canonical IP address + Node.Spec.BGP.IPvXAddress (NodeIP). Default behaviour is to listen + for BGP connections on all addresses. + type: string communities: description: Communities is a list of BGP community values and their arbitrary names for tagging routes. 
@@ -124,6 +130,37 @@ spec: description: 'LogSeverityScreen is the log severity above which logs are sent to the stdout. [Default: INFO]' type: string + nodeMeshMaxRestartTime: + description: Time to allow for software restart for node-to-mesh peerings. When + specified, this is configured as the graceful restart timeout. When + not specified, the BIRD default of 120s is used. This field can + only be set on the default BGPConfiguration instance and requires + that NodeMesh is enabled + type: string + nodeMeshPassword: + description: Optional BGP password for full node-to-mesh peerings. + This field can only be set on the default BGPConfiguration instance + and requires that NodeMesh is enabled + properties: + secretKeyRef: + description: Selects a key of a secret in the node pod's namespace. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + type: object nodeToNodeMeshEnabled: description: 'NodeToNodeMeshEnabled sets whether full node to node BGP mesh is enabled. [Default: true]' @@ -261,6 +298,12 @@ spec: description: Selector for the nodes that should have this peering. When this is set, the Node field must be empty. type: string + numAllowedLocalASNumbers: + description: Maximum number of local AS numbers that are allowed in + the AS path for received routes. This removes BGP loop prevention + and should only be used if absolutely necesssary. + format: int32 + type: integer password: description: Optional BGP password for the peerings generated by this BGPPeer resource. 
@@ -808,6 +851,11 @@ spec: description: 'BPFEnabled, if enabled Felix will use the BPF dataplane. [Default: false]' type: boolean + bpfEnforceRPF: + description: 'BPFEnforceRPF enforce strict RPF on all interfaces with + BPF programs regardless of what is the per-interfaces or global + setting. Possible values are Disabled or Strict. [Default: Strict]' + type: string bpfExtToServiceConnmark: description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit mark that is set on connections from an external client to a local 
@@ -847,6 +895,51 @@ spec: logs are emitted to the BPF trace pipe, accessible with the command `tc exec bpf debug`. [Default: Off].' type: string + bpfMapSizeConntrack: + description: 'BPFMapSizeConntrack sets the size for the conntrack + map. This map must be large enough to hold an entry for each active + connection. Warning: changing the size of the conntrack map can + cause disruption.' + type: integer + bpfMapSizeIPSets: + description: BPFMapSizeIPSets sets the size for ipsets map. The IP + sets map must be large enough to hold an entry for each endpoint + matched by every selector in the source/destination matches in network + policy. Selectors such as "all()" can result in large numbers of + entries (one entry per endpoint in that case). + type: integer + bpfMapSizeNATAffinity: + type: integer + bpfMapSizeNATBackend: + description: BPFMapSizeNATBackend sets the size for nat back end map. + This is the total number of endpoints. This is mostly more than + the size of the number of services. + type: integer + bpfMapSizeNATFrontend: + description: BPFMapSizeNATFrontend sets the size for nat front end + map. FrontendMap should be large enough to hold an entry for each + nodeport, external IP and each port in each service. + type: integer + bpfMapSizeRoute: + description: BPFMapSizeRoute sets the size for the routes map. The + routes map should be large enough to hold one entry per workload + and a handful of entries per host (enough to cover its own IPs and + tunnel IPs). + type: integer + bpfPSNATPorts: + anyOf: + - type: integer + - type: string + description: 'BPFPSNATPorts sets the range from which we randomly + pick a port if there is a source port collision. This should be + within the ephemeral range as defined by RFC 6056 (1024–65535) and + preferably outside the ephemeral ranges used by common operating + systems. Linux uses 32768–60999, while others mostly use the IANA + defined range 49152–65535. 
It is not necessarily a problem if this + range overlaps with the operating systems. Both ends of the range + are inclusive. [Default: 20000:29999]' + pattern: ^.* + x-kubernetes-int-or-string: true chainInsertMode: description: 'ChainInsertMode controls whether Felix hooks the kernel''s top-level iptables chains by inserting a rule at the top of the @@ -857,6 +950,15 @@ spec: Calico policy will be bypassed. [Default: insert]' type: string dataplaneDriver: + description: DataplaneDriver filename of the external dataplane driver + to use. Only used if UseInternalDataplaneDriver is set to false. + type: string + dataplaneWatchdogTimeout: + description: 'DataplaneWatchdogTimeout is the readiness/liveness timeout + used for Felix''s (internal) dataplane driver. Increase this value + if you experience spurious non-ready or non-live events when Felix + is under heavy load. Decrease the value to get felix to report non-live + or non-ready more quickly. [Default: 90s]' type: string debugDisableLogDropping: type: boolean @@ -885,9 +987,14 @@ spec: routes, by default this will be RTPROT_BOOT when left blank. type: integer deviceRouteSourceAddress: - description: This is the source address to use on programmed device - routes. By default the source address is left blank, leaving the - kernel to choose the source address used. + description: This is the IPv4 source address to use on programmed + device routes. By default the source address is left blank, leaving + the kernel to choose the source address used. + type: string + deviceRouteSourceAddressIPv6: + description: This is the IPv6 source address to use on programmed + device routes. By default the source address is left blank, leaving + the kernel to choose the source address used. type: string disableConntrackInvalidCheck: type: boolean 
@@ -961,6 +1068,14 @@ spec: "true" or "false" will force the feature, empty or omitted values are auto-detected. type: string + floatingIPs: + default: Disabled + description: FloatingIPs configures whether or not Felix will program + floating IP addresses. + enum: + - Enabled + - Disabled + type: string genericXDPEnabled: description: 'GenericXDPEnabled enables Generic XDP so network cards that don''t support XDP offload or driver modes can use XDP. This @@ -998,6 +1113,9 @@ spec: disabled by setting the interval to 0. type: string ipipEnabled: + description: 'IPIPEnabled overrides whether Felix should configure + an IPIP interface on the host. Optional as Felix determines this + based on the existing IP pools. [Default: nil (unset)]' type: boolean ipipMTU: description: 'IPIPMTU is the MTU to set on the tunnel device. See @@ -1064,6 +1182,8 @@ spec: usage. [Default: 10s]' type: string ipv6Support: + description: IPv6Support controls whether Felix enables support for + IPv6 (if supported by the in-use dataplane). type: boolean kubeNodePortRanges: description: 'KubeNodePortRanges holds list of port ranges used for @@ -1077,6 +1197,12 @@ spec: pattern: ^.* x-kubernetes-int-or-string: true type: array + logDebugFilenameRegex: + description: LogDebugFilenameRegex controls which source code files + have their Debug log output included in the logs. Only logs from + files with names that match the given regular expression are included. The + filter only applies to Debug level logs. + type: string logFilePath: description: 'LogFilePath is the full path to the Felix log. Set to none to disable file logging. [Default: /var/log/calico/felix.log]' 
@@ -1206,9 +1332,9 @@ spec: routes. - CalicoIPAM: the default - use IPAM data to construct routes.' type: string routeTableRange: - description: Calico programs additional Linux route tables for various - purposes. RouteTableRange specifies the indices of the route tables - that Calico should use. + description: Deprecated in favor of RouteTableRanges. Calico programs + additional Linux route tables for various purposes. RouteTableRange + specifies the indices of the route tables that Calico should use. properties: max: type: integer @@ -1218,6 +1344,21 @@ spec: - max - min type: object + routeTableRanges: + description: Calico programs additional Linux route tables for various + purposes. RouteTableRanges specifies a set of table index ranges + that Calico should use. Deprecates`RouteTableRange`, overrides `RouteTableRange`. + items: + properties: + max: + type: integer + min: + type: integer + required: + - max + - min + type: object + type: array serviceLoopPrevention: description: 'When service IP advertisement is enabled, prevent routing loops to service IPs that are not in use, by dropping or rejecting 
@@ -1245,12 +1386,22 @@ spec: Felix makes reports. [Default: 86400s]' type: string useInternalDataplaneDriver: + description: UseInternalDataplaneDriver, if true, Felix will use its + internal dataplane programming logic. If false, it will launch + an external dataplane driver and communicate with it over protobuf. type: boolean vxlanEnabled: + description: 'VXLANEnabled overrides whether Felix should create the + VXLAN tunnel device for VXLAN networking. Optional as Felix determines + this based on the existing IP pools. [Default: nil (unset)]' type: boolean vxlanMTU: - description: 'VXLANMTU is the MTU to set on the tunnel device. See - Configuring MTU [Default: 1440]' + description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel + device. See Configuring MTU [Default: 1410]' + type: integer + vxlanMTUV6: + description: 'VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel + device. See Configuring MTU [Default: 1390]' type: integer vxlanPort: type: integer @@ -1268,6 +1419,10 @@ spec: description: 'WireguardInterfaceName specifies the name to use for the Wireguard interface. [Default: wg.calico]' type: string + wireguardKeepAlive: + description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive + option. Set 0 to disable. [Default: 0]' + type: string wireguardListeningPort: description: 'WireguardListeningPort controls the listening port used by Wireguard. [Default: 51820]' @@ -1280,6 +1435,12 @@ spec: description: 'WireguardRoutingRulePriority controls the priority value to use for the Wireguard routing rule. [Default: 99]' type: integer + workloadSourceSpoofing: + description: WorkloadSourceSpoofing controls whether pods can use + the allowedSourcePrefixes annotation to send traffic with a source + IP address that is not theirs. This is disabled by default. When + set to "Any", pods can request any prefix. + type: string xdpEnabled: description: 'XDPEnabled enables XDP acceleration for suitable untracked incoming deny rules. [Default: true]' 
@@ -2376,13 +2537,25 @@ spec: resource. properties: affinity: + description: Affinity of the block, if this block has one. If set, + it will be of the form "host:". If not set, this block + is not affine to a host. type: string allocations: + description: Array of allocations in-use within this block. nil entries + mean the allocation is free. For non-nil entries at index i, the + index is the ordinal of the allocation within this block and the + value is the index of the associated attributes in the Attributes + array. items: nullable: true type: integer type: array attributes: + description: Attributes is an array of arbitrary metadata associated + with allocations in the block. To find attributes for a given allocation, + use the value of the allocation's entry in the Allocations array + as the index of the element in this array. items: properties: handle_id: 
@@ -2394,12 +2567,38 @@ spec: type: object type: array cidr: + description: The block's CIDR. type: string deleted: + description: Deleted is an internal boolean used to workaround a limitation + in the Kubernetes API whereby deletion will not return a conflict + error if the block has been updated. It should not be set manually. type: boolean + sequenceNumber: + default: 0 + description: We store a sequence number that is updated each time + the block is written. Each allocation will also store the sequence + number of the block at the time of its creation. When releasing + an IP, passing the sequence number associated with the allocation + allows us to protect against a race condition and ensure the IP + hasn't been released and re-allocated since the release request. + format: int64 + type: integer + sequenceNumberForAllocation: + additionalProperties: + format: int64 + type: integer + description: Map of allocated ordinal within the block to sequence + number of the block at the time of allocation. Kubernetes does not + allow numerical keys for maps, so the key is cast to a string. + type: object strictAffinity: + description: StrictAffinity on the IPAMBlock is deprecated and no + longer used by the code. Use IPAMConfig StrictAffinity instead. type: boolean unallocated: + description: Unallocated is an ordered list of allocations which are + free in the block. items: type: integer type: array @@ -2591,13 +2790,13 @@ spec: type: array blockSize: description: The block size to use for IP address assignments from - this pool. Defaults to 26 for IPv4 and 112 for IPv6. + this pool. Defaults to 26 for IPv4 and 122 for IPv6. type: integer cidr: description: The pool CIDR. type: string disableBGPExport: - description: 'Disable exporting routes from this IP Pool’s CIDR over + description: 'Disable exporting routes from this IP Pool''s CIDR over BGP. [Default: false]' type: boolean disabled: 
@@ -2664,6 +2863,8 @@ status: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) creationTimestamp: null labels: addon.kops.k8s.io/name: networking.projectcalico.org @@ -2824,6 +3025,11 @@ spec: type: string type: object type: object + debugProfilePort: + description: DebugProfilePort configures the port to serve memory + and cpu profiles on. If not specified, profiling is disabled. + format: int32 + type: integer etcdV3CompactionPeriod: description: 'EtcdV3CompactionPeriod is the period between etcdv3 compaction requests. Set to 0 to disable. [Default: 10m]' @@ -2934,6 +3140,11 @@ spec: type: string type: object type: object + debugProfilePort: + description: DebugProfilePort configures the port to serve memory + and cpu profiles on. If not specified, profiling is disabled. + format: int32 + type: integer etcdV3CompactionPeriod: description: 'EtcdV3CompactionPeriod is the period between etcdv3 compaction requests. Set to 0 to disable. [Default: 10m]' @@ -3895,7 +4106,6 @@ rules: - apiGroups: - crd.projectcalico.org resources: - - ippools - ipreservations verbs: - list @@ -3912,6 +4122,13 @@ rules: - update - delete - watch +- apiGroups: + - crd.projectcalico.org + resources: + - ippools + verbs: + - list + - watch - apiGroups: - crd.projectcalico.org resources: @@ -3928,8 +4145,10 @@ rules: - clusterinformations verbs: - get + - list - create - update + - watch - apiGroups: - crd.projectcalico.org resources: @@ -4248,7 +4467,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/node:v3.21.5 + image: docker.io/calico/node:v3.23.0 lifecycle: preStop: exec: @@ -4320,7 +4539,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/cni:v3.21.5 + image: docker.io/calico/cni:v3.23.0 name: upgrade-ipam securityContext: privileged: true 
@@ -4354,7 +4573,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/cni:v3.21.5 + image: docker.io/calico/cni:v3.23.0 name: install-cni securityContext: privileged: true @@ -4363,13 +4582,6 @@ spec: name: cni-bin-dir - mountPath: /host/etc/cni/net.d name: cni-net-dir - - image: docker.io/calico/pod2daemon-flexvol:v3.21.5 - name: flexvol-driver - securityContext: - privileged: true - volumeMounts: - - mountPath: /host/driver - name: flexvol-driver-host nodeSelector: kubernetes.io/os: linux priorityClassName: system-node-critical @@ -4416,10 +4628,6 @@ spec: path: /var/run/nodeagent type: DirectoryOrCreate name: policysync - - hostPath: - path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds - type: DirectoryOrCreate - name: flexvol-driver-host updateStrategy: rollingUpdate: maxUnavailable: 1 @@ -4473,7 +4681,7 @@ spec: value: node - name: DATASTORE_TYPE value: kubernetes - image: docker.io/calico/kube-controllers:v3.21.5 + image: docker.io/calico/kube-controllers:v3.23.0 livenessProbe: exec: command: @@ -4517,7 +4725,7 @@ metadata: --- -apiVersion: policy/v1beta1 +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: creationTimestamp: null diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index 3e8b6f0200..109a626abe 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -25,7 +25,7 @@ APIServerConfig: featureGates: CSIMigrationAWS: "true" InTreePluginAWSUnregister: "true" - image: registry.k8s.io/kube-apiserver:v1.21.0 + image: registry.k8s.io/kube-apiserver:v1.24.0 kubeletPreferredAddressTypes: - InternalIP - Hostname 
@@ -55,17 +55,19 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 681c81b7934ae2bf38b9f12d891683972d1fbbf6d7d97e50940a47b139d41b35@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubelet - - 9f74f2fa7ee32ad07e17211725992248470310ca1988214518806b39b1dad9f0@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl - - 977824932d5667c7a37aa6a3cbba40100a6873e7bd97e83e8be837e3e7afd0a8@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-amd64-v0.8.7.tgz - - f6120552408175ca332fd3b5d31c5edd115d8426d6731664e4ea3951c5eee3b4@https://github.com/containerd/containerd/releases/download/v1.4.12/cri-containerd-cni-1.4.12-linux-amd64.tar.gz + - 3d98ac8b4fb8dc99f9952226f2565951cc366c442656a889facc5b1b2ec2ba52@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubelet + - 94d686bb6772f6fb59e3a32beff908ab406b79acdfb2427abdc4ac3ce1bb98d7@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubectl + - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - f23c8ac914d748f85df94d3e82d11ca89ca9fe19a220ce61b99a05b070044de0@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-amd64.tar.gz + - e0436dfc5d26ca88f00e84cbdab5801dd9829b1e5ded05dcfc162ce5718c32ce@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.amd64 - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 
9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 17832b192be5ea314714f7e16efd5e5f65347974bbbf41def6b02f68931380c4@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubelet - - a4dd7100f547a40d3e2f83850d0bab75c6ea5eb553f0a80adcf73155bef1fd0d@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubectl - - ae13d7b5c05bd180ea9b5b68f44bdaa7bfb41034a2ef1d68fd8e1259797d642f@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-arm64-v0.8.7.tgz - - 87a4219c54552797ffd38790b72832372a90eceb7c8e451c36a682093d57dae6@https://download.docker.com/linux/static/stable/aarch64/docker-20.10.11.tgz + - 8f066c9a048dd1704bf22ccf6e994e2fa2ea1175c9768a786f6cb6608765025e@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubelet + - 449278789de283648e4076ade46816da249714f96e71567e035e9d17e1fff06d@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubectl + - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - 0205bd1907154388dc85b1afeeb550cbb44c470ef4a290cb1daf91501c85cae6@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-arm64.tar.gz + - 6ebd968d46d00a3886e9a0cae2e0a7b399e110cf5d7b26e63ce23c1d81ea10ef@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.arm64 - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 - 
9d842e3636a95de2315cdea2be7a282355aac0658ef0b86d5dc2449066538f13@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-arm64 CAs: @@ -247,15 +249,14 @@ KubeletConfig: InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni nodeLabels: + kops.k8s.io/instancegroup: master-us-test-1a kops.k8s.io/kops-controller-pki: "" - kubernetes.io/role: master node-role.kubernetes.io/control-plane: "" - node-role.kubernetes.io/master: "" node.kubernetes.io/exclude-from-external-load-balancers: "" podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true registerSchedulable: false shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s @@ -264,10 +265,11 @@ channels: - memfs://clusters.example.com/minimal-ipv6.example.com/addons/bootstrap-channel.yaml containerdConfig: logLevel: info - version: 1.4.12 + version: 1.6.4 etcdManifests: - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/main.yaml - memfs://clusters.example.com/minimal-ipv6.example.com/manifests/etcd/events.yaml staticManifests: - key: kube-apiserver-healthcheck path: manifests/static/kube-apiserver-healthcheck.yaml +useInstanceIDForNodeName: true diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-nodes_content index 5469bd9301..abb535588e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_nodeupconfig-nodes_content 
@@ -1,14 +1,16 @@ Assets: amd64: - - 681c81b7934ae2bf38b9f12d891683972d1fbbf6d7d97e50940a47b139d41b35@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubelet - - 9f74f2fa7ee32ad07e17211725992248470310ca1988214518806b39b1dad9f0@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl - - 977824932d5667c7a37aa6a3cbba40100a6873e7bd97e83e8be837e3e7afd0a8@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-amd64-v0.8.7.tgz - - f6120552408175ca332fd3b5d31c5edd115d8426d6731664e4ea3951c5eee3b4@https://github.com/containerd/containerd/releases/download/v1.4.12/cri-containerd-cni-1.4.12-linux-amd64.tar.gz + - 3d98ac8b4fb8dc99f9952226f2565951cc366c442656a889facc5b1b2ec2ba52@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubelet + - 94d686bb6772f6fb59e3a32beff908ab406b79acdfb2427abdc4ac3ce1bb98d7@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubectl + - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - f23c8ac914d748f85df94d3e82d11ca89ca9fe19a220ce61b99a05b070044de0@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-amd64.tar.gz + - e0436dfc5d26ca88f00e84cbdab5801dd9829b1e5ded05dcfc162ce5718c32ce@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.amd64 arm64: - - 17832b192be5ea314714f7e16efd5e5f65347974bbbf41def6b02f68931380c4@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubelet - - a4dd7100f547a40d3e2f83850d0bab75c6ea5eb553f0a80adcf73155bef1fd0d@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubectl - - ae13d7b5c05bd180ea9b5b68f44bdaa7bfb41034a2ef1d68fd8e1259797d642f@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-arm64-v0.8.7.tgz - - 
87a4219c54552797ffd38790b72832372a90eceb7c8e451c36a682093d57dae6@https://download.docker.com/linux/static/stable/aarch64/docker-20.10.11.tgz + - 8f066c9a048dd1704bf22ccf6e994e2fa2ea1175c9768a786f6cb6608765025e@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubelet + - 449278789de283648e4076ade46816da249714f96e71567e035e9d17e1fff06d@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubectl + - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - 0205bd1907154388dc85b1afeeb550cbb44c470ef4a290cb1daf91501c85cae6@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-arm64.tar.gz + - 6ebd968d46d00a3886e9a0cae2e0a7b399e110cf5d7b26e63ce23c1d81ea10ef@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.arm64 CAs: kubernetes-ca: | -----BEGIN CERTIFICATE----- @@ -51,12 +53,12 @@ KubeletConfig: InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni nodeLabels: - kubernetes.io/role: node + kops.k8s.io/instancegroup: nodes node-role.kubernetes.io/node: "" podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s UpdatePolicy: automatic @@ -64,4 +66,5 @@ channels: - memfs://clusters.example.com/minimal-ipv6.example.com/addons/bootstrap-channel.yaml containerdConfig: logLevel: info - version: 1.4.12 + version: 1.6.4 +useInstanceIDForNodeName: true diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf b/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf index 8beb058d98..43ad3cea39 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf 
+++ b/tests/integration/update_cluster/minimal-ipv6-calico/kubernetes.tf @@ -111,26 +111,21 @@ resource "aws_autoscaling_group" "master-us-test-1a-masters-minimal-ipv6-example propagate_at_launch = true value = "master-us-test-1a.masters.minimal-ipv6.example.com" } + tag { + key = "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" + propagate_at_launch = true + value = "master-us-test-1a" + } tag { key = "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" propagate_at_launch = true value = "" } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" - propagate_at_launch = true - value = "master" - } tag { key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" propagate_at_launch = true value = "" } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" - propagate_at_launch = true - value = "" - } tag { key = "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" propagate_at_launch = true @@ -161,9 +156,9 @@ resource "aws_autoscaling_group" "nodes-minimal-ipv6-example-com" { id = aws_launch_template.nodes-minimal-ipv6-example-com.id version = aws_launch_template.nodes-minimal-ipv6-example-com.latest_version } - max_size = 2 + max_size = 1 metrics_granularity = "1Minute" - min_size = 2 + min_size = 1 name = "nodes.minimal-ipv6.example.com" protect_from_scale_in = false tag { @@ -177,9 +172,9 @@ resource "aws_autoscaling_group" "nodes-minimal-ipv6-example-com" { value = "nodes.minimal-ipv6.example.com" } tag { - key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" + key = "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" propagate_at_launch = true - value = "node" + value = "nodes" } tag { key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" 
@@ -328,15 +323,11 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c volume_type = "gp3" } } - block_device_mappings { - device_name = "/dev/sdc" - virtual_name = "ephemeral0" - } iam_instance_profile { name = aws_iam_instance_profile.masters-minimal-ipv6-example-com.id } image_id = "ami-12345678" - instance_type = "m3.medium" + instance_type = "t3.medium" key_name = aws_key_pair.kubernetes-minimal-ipv6-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id lifecycle { create_before_destroy = true @@ -345,7 +336,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c http_endpoint = "enabled" http_protocol_ipv6 = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false @@ -362,10 +353,9 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c tags = { "KubernetesCluster" = "minimal-ipv6.example.com" "Name" = "master-us-test-1a.masters.minimal-ipv6.example.com" + "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" = "master-us-test-1a" "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = "" "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" "k8s.io/role/master" = "1" "kops.k8s.io/instancegroup" = "master-us-test-1a" 
@@ -377,10 +367,9 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c tags = { "KubernetesCluster" = "minimal-ipv6.example.com" "Name" = "master-us-test-1a.masters.minimal-ipv6.example.com" + "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" = "master-us-test-1a" "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = "" "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" "k8s.io/role/master" = "1" "kops.k8s.io/instancegroup" = "master-us-test-1a" @@ -390,10 +379,9 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-ipv6-example-c tags = { "KubernetesCluster" = "minimal-ipv6.example.com" "Name" = "master-us-test-1a.masters.minimal-ipv6.example.com" + "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" = "master-us-test-1a" "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = "" "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" "k8s.io/role/master" = "1" "kops.k8s.io/instancegroup" = "master-us-test-1a" 
@@ -418,7 +406,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { name = aws_iam_instance_profile.nodes-minimal-ipv6-example-com.id } image_id = "ami-12345678" - instance_type = "t2.medium" + instance_type = "t3.medium" key_name = aws_key_pair.kubernetes-minimal-ipv6-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id lifecycle { create_before_destroy = true @@ -426,8 +414,8 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "enabled" - http_put_response_hop_limit = 1 - http_tokens = "optional" + http_put_response_hop_limit = 3 + http_tokens = "required" } monitoring { enabled = false @@ -444,7 +432,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { tags = { "KubernetesCluster" = "minimal-ipv6.example.com" "Name" = "nodes.minimal-ipv6.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node" + "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" = "nodes" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" "k8s.io/role/node" = "1" "kops.k8s.io/instancegroup" = "nodes" @@ -456,7 +444,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { tags = { "KubernetesCluster" = "minimal-ipv6.example.com" "Name" = "nodes.minimal-ipv6.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node" + "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" = "nodes" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" "k8s.io/role/node" = "1" "kops.k8s.io/instancegroup" = "nodes" 
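Review bot: In the `metadata_options` hunk of the `nodes-minimal-ipv6-example-com` launch template, the expected output raises `http_put_response_hop_limit` from 1 to 3 for worker nodes while the control-plane template stays at 1, and the commit message does not explain why. A hop limit above 1 lets pods that are not on the host network complete the IMDSv2 token exchange, so `http_tokens = "required"` alone no longer keeps workloads away from the node instance-profile credentials (a role that gains `ecr:*` read actions elsewhere in this commit). If no node workload in this test needs IMDS, pin the instance group in the input manifest with `instanceMetadata:` / `httpPutResponseHopLimit: 1`; otherwise state the reason in the commit description. The same change appears as `"HttpPutResponseHopLimit": 3` in the privatecalico `cloudformation.json` section, and the input manifests are outside this hunk, so it is not visible here whether the value is explicit or defaulted.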
@@ -466,7 +454,7 @@ resource "aws_launch_template" "nodes-minimal-ipv6-example-com" { tags = { "KubernetesCluster" = "minimal-ipv6.example.com" "Name" = "nodes.minimal-ipv6.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node" + "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup" = "nodes" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" "k8s.io/role/node" = "1" "kops.k8s.io/instancegroup" = "nodes" @@ -724,6 +712,14 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-kubelet-api-rbac-addon server_side_encryption = "AES256" } +resource "aws_s3_object" "minimal-ipv6-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { + bucket = "testingBucket" + content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") + key = "clusters.example.com/minimal-ipv6.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" + provider = aws.files + server_side_encryption = "AES256" +} + resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-limit-range.addons.k8s.io_content") 
@@ -732,10 +728,10 @@ resource "aws_s3_object" "minimal-ipv6-example-com-addons-limit-range-addons-k8s server_side_encryption = "AES256" } -resource "aws_s3_object" "minimal-ipv6-example-com-addons-networking-projectcalico-org-k8s-1-16" { +resource "aws_s3_object" "minimal-ipv6-example-com-addons-networking-projectcalico-org-k8s-1-23" { bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.16_content") - key = "clusters.example.com/minimal-ipv6.example.com/addons/networking.projectcalico.org/k8s-1.16.yaml" + content = file("${path.module}/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.23_content") + key = "clusters.example.com/minimal-ipv6.example.com/addons/networking.projectcalico.org/k8s-1.23.yaml" provider = aws.files server_side_encryption = "AES256" } @@ -987,9 +983,12 @@ resource "aws_security_group_rule" "icmpv6-pmtu-api-elb-__--0" { } resource "aws_subnet" "us-test-1a-minimal-ipv6-example-com" { - availability_zone = "us-test-1a" - cidr_block = "172.20.32.0/19" - ipv6_cidr_block = "2001:db8:0:111::/64" + availability_zone = "us-test-1a" + cidr_block = "172.20.32.0/19" + enable_resource_name_dns_a_record_on_launch = true + enable_resource_name_dns_aaaa_record_on_launch = true + ipv6_cidr_block = "2001:db8:0:111::/64" + private_dns_hostname_type_on_launch = "resource-name" tags = { "KubernetesCluster" = "minimal-ipv6.example.com" "Name" = "us-test-1a.minimal-ipv6.example.com" diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json b/tests/integration/update_cluster/privatecalico/cloudformation.json index 78eadabd9c..ffa2ddf927 100644 --- a/tests/integration/update_cluster/privatecalico/cloudformation.json +++ b/tests/integration/update_cluster/privatecalico/cloudformation.json 
@@ -33,11 +33,6 @@ "Value": "bastion.privatecalico.example.com", "PropagateAtLaunch": true }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "node", - "PropagateAtLaunch": true - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node", "Value": "", @@ -119,21 +114,11 @@ "Value": "", "PropagateAtLaunch": true }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "master", - "PropagateAtLaunch": true - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane", "Value": "", "PropagateAtLaunch": true }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master", - "Value": "", - "PropagateAtLaunch": true - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers", "Value": "", @@ -210,11 +195,6 @@ "Value": "nodes.privatecalico.example.com", "PropagateAtLaunch": true }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "node", - "PropagateAtLaunch": true - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node", "Value": "", @@ -339,7 +319,7 @@ } }, "ImageId": "ami-12345678", - "InstanceType": "t2.micro", + "InstanceType": "t3.micro", "KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, @@ -373,10 +353,6 @@ "Key": "Name", "Value": "bastion.privatecalico.example.com" }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "node" - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node", "Value": "" 
@@ -406,10 +382,6 @@ "Key": "Name", "Value": "bastion.privatecalico.example.com" }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "node" - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node", "Value": "" @@ -449,10 +421,6 @@ "DeleteOnTermination": true, "Encrypted": true } - }, - { - "DeviceName": "/dev/sdc", - "VirtualName": "ephemeral0" } ], "IamInstanceProfile": { @@ -461,11 +429,11 @@ } }, "ImageId": "ami-12345678", - "InstanceType": "m3.medium", + "InstanceType": "t3.medium", "KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "Monitoring": { "Enabled": false @@ -499,18 +467,10 @@ "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki", "Value": "" }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "master" - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane", "Value": "" }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master", - "Value": "" - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers", "Value": "" @@ -544,18 +504,10 @@ "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki", "Value": "" }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "master" - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane", "Value": "" }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master", - "Value": "" - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers", "Value": "" 
@@ -603,11 +555,11 @@ } }, "ImageId": "ami-12345678", - "InstanceType": "t2.medium", + "InstanceType": "t3.medium", "KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { - "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpPutResponseHopLimit": 3, + "HttpTokens": "required" }, "Monitoring": { "Enabled": false @@ -637,10 +589,6 @@ "Key": "Name", "Value": "nodes.privatecalico.example.com" }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "node" - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node", "Value": "" @@ -670,10 +618,6 @@ "Key": "Name", "Value": "nodes.privatecalico.example.com" }, - { - "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", - "Value": "node" - }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node", "Value": "" @@ -957,6 +901,30 @@ "CidrIp": "0.0.0.0/0" } }, + "AWSEC2SecurityGroupIngressfrom0ingresstcp22to22bastionelbprivatecalicoexamplecom": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "GroupId": { + "Ref": "AWSEC2SecurityGroupbastionelbprivatecalicoexamplecom" + }, + "FromPort": 22, + "ToPort": 22, + "IpProtocol": "tcp", + "CidrIpv6": "::/0" + } + }, + "AWSEC2SecurityGroupIngressfrom0ingresstcp443to443apielbprivatecalicoexamplecom": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "GroupId": { + "Ref": "AWSEC2SecurityGroupapielbprivatecalicoexamplecom" + }, + "FromPort": 443, + "ToPort": 443, + "IpProtocol": "tcp", + "CidrIpv6": "::/0" + } + }, "AWSEC2SecurityGroupIngressfrombastionelbprivatecalicoexamplecomingresstcp22to22bastionprivatecalicoexamplecom": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { 
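Review bot: The two `AWS::EC2::SecurityGroupIngress` resources added in the `@@ -957,6 +901,30 @@` hunk open TCP 22 on the bastion ELB group and TCP 443 on the API ELB group to `"CidrIpv6": "::/0"`, next to the existing `0.0.0.0/0` rule, so the golden file now pins world-reachable SSH and API ingress over IPv6 as the expected result. That is a separate behaviour change from the Kubernetes version switch named in the commit title. It presumably follows from what the input manifest sets for `sshAccess` and `kubernetesApiAccess`, but the privatecalico manifest is not visible in this part of the diff. Consider keeping explicit `sshAccess:` and `kubernetesApiAccess:` entries with restricted CIDRs in the test input so the fixture exercises a narrowed rule set, or call out the widened ingress in the commit description so it is reviewed on purpose.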
@@ -1137,6 +1105,18 @@ "CidrIp": "0.0.0.0/0" } }, + "AWSEC2SecurityGroupIngressicmpv6pmtuapielb0": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "GroupId": { + "Ref": "AWSEC2SecurityGroupapielbprivatecalicoexamplecom" + }, + "FromPort": -1, + "ToPort": -1, + "IpProtocol": "icmpv6", + "CidrIpv6": "::/0" + } + }, "AWSEC2SecurityGroupapielbprivatecalicoexamplecom": { "Type": "AWS::EC2::SecurityGroup", "Properties": { @@ -1722,39 +1702,6 @@ "*" ] }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "privatecalico.example.com", - "ec2:CreateAction": [ - "CreateSecurityGroup" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "privatecalico.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, { "Action": "ec2:CreateTags", "Condition": { 
@@ -1791,19 +1738,45 @@ "arn:aws-test:ec2:*:*:snapshot/*" ] }, + { + "Action": "ec2:CreateTags", + "Condition": { + "StringEquals": { + "aws:RequestTag/KubernetesCluster": "privatecalico.example.com", + "ec2:CreateAction": [ + "CreateSecurityGroup" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws-test:ec2:*:*:security-group/*" + ] + }, + { + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition": { + "Null": { + "aws:RequestTag/KubernetesCluster": "true" + }, + "StringEquals": { + "aws:ResourceTag/KubernetesCluster": "privatecalico.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws-test:ec2:*:*:security-group/*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DeleteRoute", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", 
@@ -1816,20 +1789,20 @@ "ec2:DescribeVolumes", "ec2:DescribeVolumesModifications", "ec2:DescribeVpcs", - "ec2:DetachVolume", - "ec2:ModifyInstanceAttribute", "ec2:ModifyNetworkInterfaceAttribute", - "ec2:ModifyVolume", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateTargetGroup", + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:DescribeRepositories", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:ListImages", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:RegisterTargets", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:DescribeKey", @@ -1948,6 +1921,13 @@ "ec2:DescribeInstances", "ec2:DescribeRegions", "ec2:ModifyNetworkInterfaceAttribute", + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:DescribeRepositories", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:ListImages", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml b/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml index 2e146a1707..0b8d1e135c 100644 --- a/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml +++ b/tests/integration/update_cluster/privatecalico/cloudformation.json.extracted.yaml 
@@ -127,20 +127,21 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: awsEBSCSIDriver: - enabled: false + enabled: true + version: v1.6.2 manageStorageClasses: true containerRuntime: containerd containerd: logLevel: info - version: 1.4.12 + version: 1.6.4 docker: skipInstall: true encryptionConfig: null etcdClusters: events: - version: 3.4.13 + version: 3.5.4 main: - version: 3.4.13 + version: 3.5.4 kubeAPIServer: allowPrivileged: true anonymousAuth: false @@ -149,7 +150,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope apiServerCount: 1 authorizationMode: AlwaysAllow bindAddress: 0.0.0.0 - cloudProvider: aws + cloudProvider: external enableAdmissionPlugins: - NamespaceLifecycle - LimitRanger @@ -164,7 +165,10 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.21.0 + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" + image: registry.k8s.io/kube-apiserver:v1.24.0 kubeletPreferredAddressTypes: - InternalIP - Hostname @@ -186,11 +190,14 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope kubeControllerManager: allocateNodeCIDRs: true attachDetachReconcileSyncPeriod: 1m0s - cloudProvider: aws + cloudProvider: external clusterCIDR: 100.96.0.0/11 clusterName: privatecalico.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.21.0 + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" + image: registry.k8s.io/kube-controller-manager:v1.24.0 leaderElection: leaderElect: true logLevel: 2 
@@ -198,10 +205,13 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.21.0 + image: registry.k8s.io/kube-proxy:v1.24.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.21.0 + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" + image: registry.k8s.io/kube-scheduler:v1.24.0 leaderElection: leaderElect: true logLevel: 2 @@ -209,32 +219,38 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope anonymousAuth: false cgroupDriver: systemd cgroupRoot: / - cloudProvider: aws + cloudProvider: external clusterDNS: 100.64.0.10 clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s masterKubelet: anonymousAuth: false cgroupDriver: systemd cgroupRoot: / - cloudProvider: aws + cloudProvider: external clusterDNS: 100.64.0.10 clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true registerSchedulable: false shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s 
@@ -246,7 +262,7 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersprivatecalicoexamplecom.Prope ConfigBase: memfs://clusters.example.com/privatecalico.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: Master - NodeupConfigHash: XVQkcpAPIklkF28kVTF5iSiWwXvVDL1f6TBnOshBGa0= + NodeupConfigHash: oBkdCcM8vEDGJVKzTp/3baqw/4P+sUBmfaIk6xbYfBo= __EOF_KUBE_ENV @@ -380,33 +396,37 @@ Resources.AWSEC2LaunchTemplatenodesprivatecalicoexamplecom.Properties.LaunchTemp cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: awsEBSCSIDriver: - enabled: false + enabled: true + version: v1.6.2 manageStorageClasses: true containerRuntime: containerd containerd: logLevel: info - version: 1.4.12 + version: 1.6.4 docker: skipInstall: true kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.21.0 + image: registry.k8s.io/kube-proxy:v1.24.0 logLevel: 2 kubelet: anonymousAuth: false cgroupDriver: systemd cgroupRoot: / - cloudProvider: aws + cloudProvider: external clusterDNS: 100.64.0.10 clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s @@ -417,7 +437,7 @@ Resources.AWSEC2LaunchTemplatenodesprivatecalicoexamplecom.Properties.LaunchTemp ConfigBase: memfs://clusters.example.com/privatecalico.example.com InstanceGroupName: nodes InstanceGroupRole: Node - NodeupConfigHash: 1e6MWmZgviRMbJ/23fi0wWhbA6N8CRg2muOIaP6AxkI= + NodeupConfigHash: k5kw47uYPdJVPoEkZWvltC6/czS8iMhpjnT2bDwaS6k= __EOF_KUBE_ENV 
diff --git a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy index 2b1f61c765..20fd8993a5 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy +++ b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy @@ -94,39 +94,6 @@ "*" ] }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "aws:RequestTag/KubernetesCluster": "privatecalico.example.com", - "ec2:CreateAction": [ - "CreateSecurityGroup" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/KubernetesCluster": "true" - }, - "StringEquals": { - "aws:ResourceTag/KubernetesCluster": "privatecalico.example.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws-test:ec2:*:*:security-group/*" - ] - }, { "Action": "ec2:CreateTags", "Condition": { 
@@ -163,19 +130,45 @@ "arn:aws-test:ec2:*:*:snapshot/*" ] }, + { + "Action": "ec2:CreateTags", + "Condition": { + "StringEquals": { + "aws:RequestTag/KubernetesCluster": "privatecalico.example.com", + "ec2:CreateAction": [ + "CreateSecurityGroup" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws-test:ec2:*:*:security-group/*" + ] + }, + { + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition": { + "Null": { + "aws:RequestTag/KubernetesCluster": "true" + }, + "StringEquals": { + "aws:ResourceTag/KubernetesCluster": "privatecalico.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws-test:ec2:*:*:security-group/*" + ] + }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DeleteRoute", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", 
@@ -188,20 +181,20 @@ "ec2:DescribeVolumes", "ec2:DescribeVolumesModifications", "ec2:DescribeVpcs", - "ec2:DetachVolume", - "ec2:ModifyInstanceAttribute", "ec2:ModifyNetworkInterfaceAttribute", - "ec2:ModifyVolume", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateTargetGroup", + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:DescribeRepositories", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:ListImages", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:RegisterTargets", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:DescribeKey", diff --git a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy index ca5c8636d8..820043663e 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy +++ b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy @@ -31,6 +31,13 @@ "ec2:DescribeInstances", "ec2:DescribeRegions", "ec2:ModifyNetworkInterfaceAttribute", + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:DescribeRepositories", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:ListImages", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" 
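Review bot: The seven `ecr:` read actions added to the masters statement in this hunk, and again to the nodes policy in the following hunk, widen both instance roles in a commit described only as a Kubernetes version switch. The `Resource` element of these statements lies outside both hunks, so their scope cannot be confirmed from here; if it is `"*"`, any workload that obtains the instance credentials can authenticate to and pull from every repository in the account. This appears to follow from `iam.allowContainerRegistry: true` in the completed spec. I would either drop that field from the test input or record the reason next to it, e.g. `# allowContainerRegistry: grants ECR read-only actions to the master and node roles`.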
diff --git a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data index 76d15fa862..1eaec626c7 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data +++ b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_master-us-test-1a.masters.privatecalico.example.com_user_data @@ -125,20 +125,21 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: awsEBSCSIDriver: - enabled: false + enabled: true + version: v1.6.2 manageStorageClasses: true containerRuntime: containerd containerd: logLevel: info - version: 1.4.12 + version: 1.6.4 docker: skipInstall: true encryptionConfig: null etcdClusters: events: - version: 3.4.13 + version: 3.5.4 main: - version: 3.4.13 + version: 3.5.4 kubeAPIServer: allowPrivileged: true anonymousAuth: false @@ -147,7 +148,7 @@ kubeAPIServer: apiServerCount: 1 authorizationMode: AlwaysAllow bindAddress: 0.0.0.0 - cloudProvider: aws + cloudProvider: external enableAdmissionPlugins: - NamespaceLifecycle - LimitRanger @@ -162,7 +163,10 @@ kubeAPIServer: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.21.0 + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" + image: registry.k8s.io/kube-apiserver:v1.24.0 kubeletPreferredAddressTypes: - InternalIP - Hostname 
@@ -184,11 +188,14 @@ kubeAPIServer: kubeControllerManager: allocateNodeCIDRs: true attachDetachReconcileSyncPeriod: 1m0s - cloudProvider: aws + cloudProvider: external clusterCIDR: 100.96.0.0/11 clusterName: privatecalico.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.21.0 + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" + image: registry.k8s.io/kube-controller-manager:v1.24.0 leaderElection: leaderElect: true logLevel: 2 @@ -196,10 +203,13 @@ kubeControllerManager: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.21.0 + image: registry.k8s.io/kube-proxy:v1.24.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.21.0 + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" + image: registry.k8s.io/kube-scheduler:v1.24.0 leaderElection: leaderElect: true logLevel: 2 
@@ -207,32 +217,38 @@ kubelet: anonymousAuth: false cgroupDriver: systemd cgroupRoot: / - cloudProvider: aws + cloudProvider: external clusterDNS: 100.64.0.10 clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s masterKubelet: anonymousAuth: false cgroupDriver: systemd cgroupRoot: / - cloudProvider: aws + cloudProvider: external clusterDNS: 100.64.0.10 clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true registerSchedulable: false shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s @@ -244,7 +260,7 @@ CloudProvider: aws ConfigBase: memfs://clusters.example.com/privatecalico.example.com InstanceGroupName: master-us-test-1a InstanceGroupRole: Master -NodeupConfigHash: XVQkcpAPIklkF28kVTF5iSiWwXvVDL1f6TBnOshBGa0= +NodeupConfigHash: oBkdCcM8vEDGJVKzTp/3baqw/4P+sUBmfaIk6xbYfBo= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_nodes.privatecalico.example.com_user_data b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_nodes.privatecalico.example.com_user_data index c5a76e2e69..8c4849c867 100644 
--- a/tests/integration/update_cluster/privatecalico/data/aws_launch_template_nodes.privatecalico.example.com_user_data +++ b/tests/integration/update_cluster/privatecalico/data/aws_launch_template_nodes.privatecalico.example.com_user_data @@ -125,33 +125,37 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: awsEBSCSIDriver: - enabled: false + enabled: true + version: v1.6.2 manageStorageClasses: true containerRuntime: containerd containerd: logLevel: info - version: 1.4.12 + version: 1.6.4 docker: skipInstall: true kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.21.0 + image: registry.k8s.io/kube-proxy:v1.24.0 logLevel: 2 kubelet: anonymousAuth: false cgroupDriver: systemd cgroupRoot: / - cloudProvider: aws + cloudProvider: external clusterDNS: 100.64.0.10 clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s @@ -162,7 +166,7 @@ CloudProvider: aws ConfigBase: memfs://clusters.example.com/privatecalico.example.com InstanceGroupName: nodes InstanceGroupRole: Node -NodeupConfigHash: 1e6MWmZgviRMbJ/23fi0wWhbA6N8CRg2muOIaP6AxkI= +NodeupConfigHash: k5kw47uYPdJVPoEkZWvltC6/czS8iMhpjnT2bDwaS6k= __EOF_KUBE_ENV diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_cluster-completed.spec_content index c245fbae37..c9b9221fb2 100644 
--- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_cluster-completed.spec_content @@ -13,8 +13,18 @@ spec: channel: stable cloudConfig: awsEBSCSIDriver: - enabled: false + enabled: true + version: v1.6.2 manageStorageClasses: true + cloudControllerManager: + allocateNodeCIDRs: true + clusterCIDR: 100.64.0.0/10 + clusterName: privatecalico.example.com + configureCloudRoutes: false + enableLeaderMigration: true + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.24.0 + leaderElection: + leaderElect: true cloudProvider: aws clusterDNSDomain: cluster.local configBase: memfs://clusters.example.com/privatecalico.example.com @@ -22,7 +32,7 @@ spec: containerRuntime: containerd containerd: logLevel: info - version: 1.4.12 + version: 1.6.4 dnsZone: Z1AFAKE1ZON3YO docker: skipInstall: true @@ -33,17 +43,18 @@ spec: - instanceGroup: master-us-test-1a name: us-test-1a name: main - version: 3.4.13 + version: 3.5.4 - backups: backupStore: memfs://clusters.example.com/privatecalico.example.com/backups/etcd/events etcdMembers: - instanceGroup: master-us-test-1a name: us-test-1a name: events - version: 3.4.13 + version: 3.5.4 externalDns: provider: dns-controller iam: + allowContainerRegistry: true legacy: false keyStore: memfs://clusters.example.com/privatecalico.example.com/pki kubeAPIServer: @@ -54,7 +65,7 @@ spec: apiServerCount: 1 authorizationMode: AlwaysAllow bindAddress: 0.0.0.0 - cloudProvider: aws + cloudProvider: external enableAdmissionPlugins: - NamespaceLifecycle - LimitRanger @@ -69,7 +80,10 @@ spec: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.21.0 + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" + image: registry.k8s.io/kube-apiserver:v1.24.0 kubeletPreferredAddressTypes: - InternalIP - Hostname 
@@ -91,11 +105,14 @@ spec: kubeControllerManager: allocateNodeCIDRs: true attachDetachReconcileSyncPeriod: 1m0s - cloudProvider: aws + cloudProvider: external clusterCIDR: 100.96.0.0/11 clusterName: privatecalico.example.com configureCloudRoutes: false - image: registry.k8s.io/kube-controller-manager:v1.21.0 + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" + image: registry.k8s.io/kube-controller-manager:v1.24.0 leaderElection: leaderElect: true logLevel: 2 @@ -117,10 +134,13 @@ spec: kubeProxy: clusterCIDR: 100.96.0.0/11 cpuRequest: 100m - image: registry.k8s.io/kube-proxy:v1.21.0 + image: registry.k8s.io/kube-proxy:v1.24.0 logLevel: 2 kubeScheduler: - image: registry.k8s.io/kube-scheduler:v1.21.0 + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" + image: registry.k8s.io/kube-scheduler:v1.24.0 leaderElection: leaderElect: true logLevel: 2 
@@ -128,36 +148,43 @@ spec: anonymousAuth: false cgroupDriver: systemd cgroupRoot: / - cloudProvider: aws + cloudProvider: external clusterDNS: 100.64.0.10 clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s kubernetesApiAccess: - 0.0.0.0/0 - kubernetesVersion: 1.21.0 + - ::/0 + kubernetesVersion: 1.24.0 masterInternalName: api.internal.privatecalico.example.com masterKubelet: anonymousAuth: false cgroupDriver: systemd cgroupRoot: / - cloudProvider: aws + cloudProvider: external clusterDNS: 100.64.0.10 clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true registerSchedulable: false shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s @@ -172,6 +199,7 @@ spec: serviceClusterIPRange: 100.64.0.0/13 sshAccess: - 0.0.0.0/0 + - ::/0 subnets: - cidr: 172.20.32.0/19 name: us-test-1a diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_etcd-cluster-spec-events_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_etcd-cluster-spec-events_content index bb8ddb0e2e..06759fa2b2 100644 
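Review bot: `::/0` is added next to `0.0.0.0/0` under `kubernetesApiAccess` in this hunk and under `sshAccess` in the following one, so the expected spec now records SSH and the API endpoint as open to every IPv4 and IPv6 source. The same file keeps `authorizationMode: AlwaysAllow` as unchanged context, so any authenticated client is fully authorised and these source-range lists are the remaining network control. Presumably the values are defaults applied because the input manifest does not set the fields. Since fixtures like this get copied into real cluster specs, I would pin both lists in the input to a documentation range, for example `sshAccess: [203.0.113.0/24]` (constructed value), or add a comment there saying the open ranges are test-only. The `spec:` mapping continues outside both hunks.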
--- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_etcd-cluster-spec-events_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_etcd-cluster-spec-events_content @@ -1,4 +1,4 @@ { "memberCount": 1, - "etcdVersion": "3.4.13" + "etcdVersion": "3.5.4" } diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_etcd-cluster-spec-main_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_etcd-cluster-spec-main_content index bb8ddb0e2e..06759fa2b2 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_etcd-cluster-spec-main_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_etcd-cluster-spec-main_content @@ -1,4 +1,4 @@ { "memberCount": 1, - "etcdVersion": "3.4.13" + "etcdVersion": "3.5.4" } diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content index c8a8d79f2f..833ef24d60 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-master-us-test-1a_content @@ -7,7 +7,7 @@ APIServerConfig: apiServerCount: 1 authorizationMode: AlwaysAllow bindAddress: 0.0.0.0 - cloudProvider: aws + cloudProvider: external enableAdmissionPlugins: - NamespaceLifecycle - LimitRanger @@ -22,7 +22,10 @@ APIServerConfig: - https://127.0.0.1:4001 etcdServersOverrides: - /events#https://127.0.0.1:4002 - image: registry.k8s.io/kube-apiserver:v1.21.0 + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" + image: registry.k8s.io/kube-apiserver:v1.24.0 kubeletPreferredAddressTypes: - InternalIP - Hostname 
@@ -52,17 +55,19 @@ APIServerConfig: -----END RSA PUBLIC KEY----- Assets: amd64: - - 681c81b7934ae2bf38b9f12d891683972d1fbbf6d7d97e50940a47b139d41b35@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubelet - - 9f74f2fa7ee32ad07e17211725992248470310ca1988214518806b39b1dad9f0@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl - - 977824932d5667c7a37aa6a3cbba40100a6873e7bd97e83e8be837e3e7afd0a8@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-amd64-v0.8.7.tgz - - f6120552408175ca332fd3b5d31c5edd115d8426d6731664e4ea3951c5eee3b4@https://github.com/containerd/containerd/releases/download/v1.4.12/cri-containerd-cni-1.4.12-linux-amd64.tar.gz + - 3d98ac8b4fb8dc99f9952226f2565951cc366c442656a889facc5b1b2ec2ba52@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubelet + - 94d686bb6772f6fb59e3a32beff908ab406b79acdfb2427abdc4ac3ce1bb98d7@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubectl + - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - f23c8ac914d748f85df94d3e82d11ca89ca9fe19a220ce61b99a05b070044de0@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-amd64.tar.gz + - e0436dfc5d26ca88f00e84cbdab5801dd9829b1e5ded05dcfc162ce5718c32ce@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.amd64 - f90ed6dcef534e6d1ae17907dc7eb40614b8945ad4af7f0e98d2be7cde8165c6@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-amd64 - 
9992e7eb2a2e93f799e5a9e98eb718637433524bc65f630357201a79f49b13d0@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/amd64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-amd64 arm64: - - 17832b192be5ea314714f7e16efd5e5f65347974bbbf41def6b02f68931380c4@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubelet - - a4dd7100f547a40d3e2f83850d0bab75c6ea5eb553f0a80adcf73155bef1fd0d@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubectl - - ae13d7b5c05bd180ea9b5b68f44bdaa7bfb41034a2ef1d68fd8e1259797d642f@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-arm64-v0.8.7.tgz - - 87a4219c54552797ffd38790b72832372a90eceb7c8e451c36a682093d57dae6@https://download.docker.com/linux/static/stable/aarch64/docker-20.10.11.tgz + - 8f066c9a048dd1704bf22ccf6e994e2fa2ea1175c9768a786f6cb6608765025e@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubelet + - 449278789de283648e4076ade46816da249714f96e71567e035e9d17e1fff06d@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubectl + - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - 0205bd1907154388dc85b1afeeb550cbb44c470ef4a290cb1daf91501c85cae6@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-arm64.tar.gz + - 6ebd968d46d00a3886e9a0cae2e0a7b399e110cf5d7b26e63ce23c1d81ea10ef@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.arm64 - 2f599c3d54f4c4bdbcc95aaf0c7b513a845d8f9503ec5b34c9f86aa1bc34fc0c@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/protokube,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/protokube-linux-arm64 - 
9d842e3636a95de2315cdea2be7a282355aac0658ef0b86d5dc2449066538f13@https://artifacts.k8s.io/binaries/kops/1.21.0-alpha.1/linux/arm64/channels,https://github.com/kubernetes/kops/releases/download/v1.21.0-alpha.1/channels-linux-arm64 CAs: @@ -234,22 +239,23 @@ KubeletConfig: anonymousAuth: false cgroupDriver: systemd cgroupRoot: / - cloudProvider: aws + cloudProvider: external clusterDNS: 100.64.0.10 clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni nodeLabels: kops.k8s.io/kops-controller-pki: "" - kubernetes.io/role: master node-role.kubernetes.io/control-plane: "" - node-role.kubernetes.io/master: "" node.kubernetes.io/exclude-from-external-load-balancers: "" podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true registerSchedulable: false shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s @@ -258,10 +264,11 @@ channels: - memfs://clusters.example.com/privatecalico.example.com/addons/bootstrap-channel.yaml containerdConfig: logLevel: info - version: 1.4.12 + version: 1.6.4 etcdManifests: - memfs://clusters.example.com/privatecalico.example.com/manifests/etcd/main.yaml - memfs://clusters.example.com/privatecalico.example.com/manifests/etcd/events.yaml staticManifests: - key: kube-apiserver-healthcheck path: manifests/static/kube-apiserver-healthcheck.yaml +useInstanceIDForNodeName: true diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-nodes_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-nodes_content index d43422f490..2f312dca57 100644 
--- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-nodes_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_nodeupconfig-nodes_content 
@@ -1,14 +1,16 @@ Assets: amd64: - - 681c81b7934ae2bf38b9f12d891683972d1fbbf6d7d97e50940a47b139d41b35@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubelet - - 9f74f2fa7ee32ad07e17211725992248470310ca1988214518806b39b1dad9f0@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/amd64/kubectl - - 977824932d5667c7a37aa6a3cbba40100a6873e7bd97e83e8be837e3e7afd0a8@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-amd64-v0.8.7.tgz - - f6120552408175ca332fd3b5d31c5edd115d8426d6731664e4ea3951c5eee3b4@https://github.com/containerd/containerd/releases/download/v1.4.12/cri-containerd-cni-1.4.12-linux-amd64.tar.gz + - 3d98ac8b4fb8dc99f9952226f2565951cc366c442656a889facc5b1b2ec2ba52@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubelet + - 94d686bb6772f6fb59e3a32beff908ab406b79acdfb2427abdc4ac3ce1bb98d7@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/amd64/kubectl + - 962100bbc4baeaaa5748cdbfce941f756b1531c2eadb290129401498bfac21e7@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz + - f23c8ac914d748f85df94d3e82d11ca89ca9fe19a220ce61b99a05b070044de0@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-amd64.tar.gz + - e0436dfc5d26ca88f00e84cbdab5801dd9829b1e5ded05dcfc162ce5718c32ce@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.amd64 arm64: - - 17832b192be5ea314714f7e16efd5e5f65347974bbbf41def6b02f68931380c4@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubelet - - a4dd7100f547a40d3e2f83850d0bab75c6ea5eb553f0a80adcf73155bef1fd0d@https://storage.googleapis.com/kubernetes-release/release/v1.21.0/bin/linux/arm64/kubectl - - ae13d7b5c05bd180ea9b5b68f44bdaa7bfb41034a2ef1d68fd8e1259797d642f@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.8.7/cni-plugins-linux-arm64-v0.8.7.tgz - - 
87a4219c54552797ffd38790b72832372a90eceb7c8e451c36a682093d57dae6@https://download.docker.com/linux/static/stable/aarch64/docker-20.10.11.tgz + - 8f066c9a048dd1704bf22ccf6e994e2fa2ea1175c9768a786f6cb6608765025e@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubelet + - 449278789de283648e4076ade46816da249714f96e71567e035e9d17e1fff06d@https://storage.googleapis.com/kubernetes-release/release/v1.24.0/bin/linux/arm64/kubectl + - ef17764ffd6cdcb16d76401bac1db6acc050c9b088f1be5efa0e094ea3b01df0@https://storage.googleapis.com/k8s-artifacts-cni/release/v0.9.1/cni-plugins-linux-arm64-v0.9.1.tgz + - 0205bd1907154388dc85b1afeeb550cbb44c470ef4a290cb1daf91501c85cae6@https://github.com/containerd/containerd/releases/download/v1.6.4/containerd-1.6.4-linux-arm64.tar.gz + - 6ebd968d46d00a3886e9a0cae2e0a7b399e110cf5d7b26e63ce23c1d81ea10ef@https://github.com/opencontainers/runc/releases/download/v1.1.2/runc.arm64 CAs: kubernetes-ca: | -----BEGIN CERTIFICATE----- @@ -41,19 +43,21 @@ KubeletConfig: anonymousAuth: false cgroupDriver: systemd cgroupRoot: / - cloudProvider: aws + cloudProvider: external clusterDNS: 100.64.0.10 clusterDomain: cluster.local enableDebuggingHandlers: true evictionHard: memory.available<100Mi,nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<10%,imagefs.inodesFree<5% + featureGates: + CSIMigrationAWS: "true" + InTreePluginAWSUnregister: "true" kubeconfigPath: /var/lib/kubelet/kubeconfig logLevel: 2 - networkPluginName: cni nodeLabels: - kubernetes.io/role: node node-role.kubernetes.io/node: "" podInfraContainerImage: registry.k8s.io/pause:3.6 podManifestPath: /etc/kubernetes/manifests + protectKernelDefaults: true shutdownGracePeriod: 30s shutdownGracePeriodCriticalPods: 10s UpdatePolicy: automatic @@ -61,4 +65,5 @@ channels: - memfs://clusters.example.com/privatecalico.example.com/addons/bootstrap-channel.yaml containerdConfig: logLevel: info - version: 1.4.12 + version: 1.6.4 +useInstanceIDForNodeName: true 
diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content new file mode 100644 index 0000000000..104f394316 --- /dev/null +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content 
@@ -0,0 +1,238 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: aws-cloud-controller.addons.k8s.io + k8s-app: aws-cloud-controller-manager + name: aws-cloud-controller-manager + namespace: kube-system +spec: + selector: + matchLabels: + k8s-app: aws-cloud-controller-manager + template: + metadata: + creationTimestamp: null + labels: + k8s-app: aws-cloud-controller-manager + kops.k8s.io/managed-by: kops + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + - matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + containers: + - args: + - --allocate-node-cidrs=true + - --cluster-cidr=100.64.0.0/10 + - --cluster-name=privatecalico.example.com + - --configure-cloud-routes=false + - --enable-leader-migration=true + - --leader-elect=true + - --v=2 + - --cloud-provider=aws + - --use-service-account-credentials=true + - --cloud-config=/etc/kubernetes/cloud.config + env: + - name: KUBERNETES_SERVICE_HOST + value: 127.0.0.1 + image: registry.k8s.io/provider-aws/cloud-controller-manager:v1.24.0 + imagePullPolicy: IfNotPresent + name: aws-cloud-controller-manager + resources: + requests: + cpu: 200m + volumeMounts: + - mountPath: /etc/kubernetes/cloud.config + name: cloudconfig + readOnly: true + hostNetwork: true + nodeSelector: null + priorityClassName: system-cluster-critical + serviceAccountName: aws-cloud-controller-manager + tolerations: + - effect: NoSchedule + key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + - effect: NoSchedule + key: node.kubernetes.io/not-ready + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + - effect: NoSchedule + key: node-role.kubernetes.io/master + volumes: + - hostPath: + path: 
/etc/kubernetes/cloud.config + type: "" + name: cloudconfig + updateStrategy: + type: RollingUpdate + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: aws-cloud-controller.addons.k8s.io + name: aws-cloud-controller-manager + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: aws-cloud-controller.addons.k8s.io + name: cloud-controller-manager:apiserver-authentication-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- apiGroup: "" + kind: ServiceAccount + name: aws-cloud-controller-manager + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: aws-cloud-controller.addons.k8s.io + name: system:cloud-controller-manager +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - nodes + verbs: + - '*' +- apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch +- apiGroups: + - "" + resources: + - services + verbs: + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - get + - list + - watch + - update +- 
apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - watch + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - node-controller + - service-controller + - route-controller + resources: + - serviceaccounts/token + verbs: + - create + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-cloud-controller.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: aws-cloud-controller.addons.k8s.io + name: system:cloud-controller-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager +subjects: +- apiGroup: "" + kind: ServiceAccount + name: aws-cloud-controller-manager + namespace: kube-system diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content new file mode 100644 index 0000000000..35203704fc --- /dev/null +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content 
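Review bot: The `system:cloud-controller-manager` ClusterRole in this new file grants `'*'` on `nodes` and cluster-wide `list`/`watch` on `secrets`, while every other rule in the role enumerates its verbs. If the addon template allows it, I would spell the node verbs out, e.g. `verbs: [delete, get, list, patch, update, watch]`, and confirm the secrets rule is still required; the controller's actual needs are not visible here, so treat both as questions rather than confirmed excess. The DaemonSet in the same file runs with `hostNetwork: true`, sets no `securityContext` or resource limits, and references its image by tag (`:v1.24.0`) rather than by digest. Adding `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` to the container would be a reasonable hardening step if the binary tolerates it.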
@@ -0,0 +1,777 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-csi-controller-sa + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-external-attacher-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - csi.storage.k8s.io + resources: + - csinodeinfos + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-external-provisioner-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - 
get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-external-resizer-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: 
+ addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-external-snapshotter-role +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - create + - get + - list + - watch + - update + - delete +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - update + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-csi-attacher-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-external-attacher-role +subjects: +- kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-csi-provisioner-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + 
name: ebs-external-provisioner-role +subjects: +- kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-csi-resizer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-external-resizer-role +subjects: +- kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-csi-snapshotter-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-external-snapshotter-role +subjects: +- kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-csi-node-getter-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ebs-csi-node-role +subjects: +- kind: ServiceAccount + name: ebs-csi-node-sa + namespace: kube-system + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + 
creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-csi-node-role +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-csi-node-sa + namespace: kube-system + +--- + +apiVersion: apps/v1 +kind: DaemonSet +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-csi-node + namespace: kube-system +spec: + selector: + matchLabels: + app: ebs-csi-node + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/name: aws-ebs-csi-driver + template: + metadata: + creationTimestamp: null + labels: + app: ebs-csi-node + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + kops.k8s.io/managed-by: kops + spec: + containers: + - args: + - node + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=2 + env: + - name: CSI_ENDPOINT + value: unix:/csi/csi.sock + - name: CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.6.2 + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + name: ebs-plugin 
+ ports: + - containerPort: 9808 + name: healthz + protocol: TCP + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + name: kubelet-dir + - mountPath: /csi + name: plugin-dir + - mountPath: /dev + name: device-dir + - args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=5 + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0 + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock + name: node-driver-registrar + volumeMounts: + - mountPath: /csi + name: plugin-dir + - mountPath: /registration + name: registration-dir + - args: + - --csi-address=/csi/csi.sock + image: registry.k8s.io/sig-storage/livenessprobe:v2.2.0 + name: liveness-probe + volumeMounts: + - mountPath: /csi + name: plugin-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-node-critical + serviceAccountName: ebs-csi-node-sa + tolerations: + - operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet + type: Directory + name: kubelet-dir + - hostPath: + path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ + type: DirectoryOrCreate + name: plugin-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + name: registration-dir + - hostPath: + path: /dev + type: Directory + name: device-dir + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-csi-controller + namespace: kube-system +spec: + replicas: 1 + 
selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/name: aws-ebs-csi-driver + template: + metadata: + creationTimestamp: null + labels: + app: ebs-csi-controller + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + kops.k8s.io/managed-by: kops + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + - key: kubernetes.io/os + operator: In + values: + - linux + - matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - args: + - controller + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --k8s-tag-cluster-id=privatecalico.example.com + - --extra-tags=KubernetesCluster=privatecalico.example.com + - --v=5 + env: + - name: CSI_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + key: key_id + name: aws-secret + optional: true + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + key: access_key + name: aws-secret + optional: true + image: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver:v1.6.2 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + name: ebs-plugin + ports: + - containerPort: 9808 + name: healthz + protocol: TCP + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --v=5 + - --feature-gates=Topology=true + - --leader-election=true + - --extra-create-metadata=true + - --default-fstype=ext4 + env: + - 
name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-provisioner:v2.2.0 + name: csi-provisioner + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --v=5 + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-attacher:v3.2.0 + name: csi-attacher + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --v=5 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: registry.k8s.io/sig-storage/csi-resizer:v1.1.0 + imagePullPolicy: Always + name: csi-resizer + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --csi-address=/csi/csi.sock + image: registry.k8s.io/sig-storage/livenessprobe:v2.4.0 + name: liveness-probe + volumeMounts: + - mountPath: /csi + name: socket-dir + nodeSelector: null + priorityClassName: system-cluster-critical + serviceAccountName: ebs-csi-controller-sa + tolerations: + - operator: Exists + topologySpreadConstraints: + - labelSelector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/name: aws-ebs-csi-driver + maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + - labelSelector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/name: aws-ebs-csi-driver + maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + volumes: + - emptyDir: {} + name: socket-dir + +--- + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + 
app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs.csi.aws.com +spec: + attachRequired: true + podInfoOnMount: false + +--- + +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: aws-ebs-csi-driver.addons.k8s.io + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/version: v1.6.2 + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + name: ebs-csi-controller + namespace: kube-system +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/instance: aws-ebs-csi-driver diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content index 30b3a43d6f..063b3bb256 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content @@ -6,7 +6,7 @@ spec: addons: - id: k8s-1.16 manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml - manifestHash: e102ff9108d3c467a0af76145c537cca5c7e1214cb95b704063a97cc2f85092c + manifestHash: 07deb2be73150a97d3cf7f662e877771afceaf38cef66355aa3d474131183fc7 name: kops-controller.addons.k8s.io needsRollingUpdate: control-plane selector: 
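Review bot: `ebs-external-snapshotter-role` grants cluster-wide `get` and `list` on `secrets` and is bound to `ebs-csi-controller-sa` through `ebs-csi-snapshotter-binding`, yet the `ebs-csi-controller` Deployment in this same file has no snapshotter sidecar. Its only containers are `ebs-plugin`, `csi-provisioner`, `csi-attacher`, `csi-resizer` and `liveness-probe`. As rendered, the controller's service account can read every Secret in the cluster for a feature that is not deployed. This file looks like rendered test output, so the change would belong in the addon template that produces it. Emit the snapshotter ClusterRole and its binding only when the snapshotter sidecar is emitted, or at least leave the `secrets` rule out of the default rendering.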
@@ -32,6 +32,13 @@ spec: selector: k8s-addon: kubelet-api.rbac.addons.k8s.io version: 9.99.0 + - id: k8s-1.23 + manifest: leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml + manifestHash: b9c91e09c0f28c9b74ff140b8395d611834c627d698846d625c10975a74a48c4 + name: leader-migration.rbac.addons.k8s.io + selector: + k8s-addon: leader-migration.rbac.addons.k8s.io + version: 9.99.0 - manifest: limit-range.addons.k8s.io/v1.5.0.yaml manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2 name: limit-range.addons.k8s.io @@ -47,15 +54,29 @@ spec: version: 9.99.0 - id: v1.15.0 manifest: storage-aws.addons.k8s.io/v1.15.0.yaml - manifestHash: 065ae832ddac8d0931e9992d6a76f43a33a36975a38003b34f4c5d86a7d42780 + manifestHash: 4e2cda50cd5048133aad1b5e28becb60f4629d3f9e09c514a2757c27998b4200 name: storage-aws.addons.k8s.io selector: k8s-addon: storage-aws.addons.k8s.io version: 9.99.0 - - id: k8s-1.16 - manifest: networking.projectcalico.org/k8s-1.16.yaml - manifestHash: 7cce9988276da48e2c85f1c79a7871cd59d0ffff07048e9bc0b2a41914aaebfe + - id: k8s-1.23 + manifest: networking.projectcalico.org/k8s-1.23.yaml + manifestHash: 95d65cf5c44a8fc7f7d4d6e4b2b386fa74979c81c9796be4bbea0089f1e1292e name: networking.projectcalico.org selector: role.kubernetes.io/networking: "1" version: 9.99.0 + - id: k8s-1.18 + manifest: aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml + manifestHash: f8fd8d170f77a75cd976d77cbd9c9773e05bea0daf79d2a61486bcecd2354070 + name: aws-cloud-controller.addons.k8s.io + selector: + k8s-addon: aws-cloud-controller.addons.k8s.io + version: 9.99.0 + - id: k8s-1.17 + manifest: aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml + manifestHash: bd5514d9d74c87df012effac4d7c99aaea7109130857e797568d1aff9036a981 + name: aws-ebs-csi-driver.addons.k8s.io + selector: + k8s-addon: aws-ebs-csi-driver.addons.k8s.io + version: 9.99.0 
diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content index 93444e0553..47edeec0f0 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-kops-controller.addons.k8s.io-k8s-1.16_content @@ -1,7 +1,7 @@ apiVersion: v1 data: config.yaml: | - {"cloud":"aws","configBase":"memfs://clusters.example.com/privatecalico.example.com","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.privatecalico.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"]}} + {"cloud":"aws","configBase":"memfs://clusters.example.com/privatecalico.example.com","server":{"Listen":":3988","provider":{"aws":{"nodesRoles":["nodes.privatecalico.example.com"],"Region":"us-test-1"}},"serverKeyPath":"/etc/kubernetes/kops-controller/pki/kops-controller.key","serverCertificatePath":"/etc/kubernetes/kops-controller/pki/kops-controller.crt","caBasePath":"/etc/kubernetes/kops-controller/pki","signingCAs":["kubernetes-ca"],"certNames":["kubelet","kubelet-server","kube-proxy"],"useInstanceIDForNodeName":true}} kind: ConfigMap metadata: creationTimestamp: null 
diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content new file mode 100644 index 0000000000..11ed6d46fd --- /dev/null +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content @@ -0,0 +1,52 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: leader-migration.rbac.addons.k8s.io + name: system::leader-locking-migration + namespace: kube-system +rules: +- apiGroups: + - coordination.k8s.io + resourceNames: + - cloud-provider-extraction-migration + resources: + - leases + verbs: + - create + - list + - get + - update + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: leader-migration.rbac.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: leader-migration.rbac.addons.k8s.io + name: system::leader-locking-migration + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: system::leader-locking-migration +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: User + name: system:kube-controller-manager +- kind: ServiceAccount + name: kube-controller-manager + namespace: kube-system +- kind: ServiceAccount + name: aws-cloud-controller-manager + namespace: kube-system +- kind: ServiceAccount + name: cloud-controller-manager + namespace: kube-system 
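Review bot: In the `system::leader-locking-migration` Role, `create` sits in a rule that also sets `resourceNames` to `cloud-provider-extraction-migration`, and RBAC cannot restrict `create` by resource name because the name is not known at authorization time. That verb therefore grants nothing here, and `list` under `resourceNames` only matches when the client sends a `metadata.name` field selector. Elsewhere on this page the `system:cloud-controller-manager` ClusterRole grants `create` on `leases`, which is presumably what authorizes creating the lease for that component. I would reduce the named rule to the verbs it can enforce, `get` and `update`, and add a template comment such as `# create on leases cannot be scoped by resourceNames; it is granted by the component's own role`. The file appears to be rendered test output, so the edit belongs in the template that generates it.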
diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.16_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.23_content similarity index 94% rename from tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.16_content rename to tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.23_content index d46c0dc0bd..9f0758c909 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.23_content @@ -93,6 +93,12 @@ spec: 64512]' format: int32 type: integer + bindMode: + description: BindMode indicates whether to listen for BGP connections + on all addresses (None) or only on the node's canonical IP address + Node.Spec.BGP.IPvXAddress (NodeIP). Default behaviour is to listen + for BGP connections on all addresses. + type: string communities: description: Communities is a list of BGP community values and their arbitrary names for tagging routes. 
@@ -123,6 +129,37 @@ spec: description: 'LogSeverityScreen is the log severity above which logs are sent to the stdout. [Default: INFO]' type: string + nodeMeshMaxRestartTime: + description: Time to allow for software restart for node-to-mesh peerings. When + specified, this is configured as the graceful restart timeout. When + not specified, the BIRD default of 120s is used. This field can + only be set on the default BGPConfiguration instance and requires + that NodeMesh is enabled + type: string + nodeMeshPassword: + description: Optional BGP password for full node-to-mesh peerings. + This field can only be set on the default BGPConfiguration instance + and requires that NodeMesh is enabled + properties: + secretKeyRef: + description: Selects a key of a secret in the node pod's namespace. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + type: object nodeToNodeMeshEnabled: description: 'NodeToNodeMeshEnabled sets whether full node to node BGP mesh is enabled. [Default: true]' @@ -260,6 +297,12 @@ spec: description: Selector for the nodes that should have this peering. When this is set, the Node field must be empty. type: string + numAllowedLocalASNumbers: + description: Maximum number of local AS numbers that are allowed in + the AS path for received routes. This removes BGP loop prevention + and should only be used if absolutely necesssary. + format: int32 + type: integer password: description: Optional BGP password for the peerings generated by this BGPPeer resource. 
@@ -807,6 +850,11 @@ spec: description: 'BPFEnabled, if enabled Felix will use the BPF dataplane. [Default: false]' type: boolean + bpfEnforceRPF: + description: 'BPFEnforceRPF enforce strict RPF on all interfaces with + BPF programs regardless of what is the per-interfaces or global + setting. Possible values are Disabled or Strict. [Default: Strict]' + type: string bpfExtToServiceConnmark: description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit mark that is set on connections from an external client to a local 
@@ -846,6 +894,51 @@ spec: logs are emitted to the BPF trace pipe, accessible with the command `tc exec bpf debug`. [Default: Off].' type: string + bpfMapSizeConntrack: + description: 'BPFMapSizeConntrack sets the size for the conntrack + map. This map must be large enough to hold an entry for each active + connection. Warning: changing the size of the conntrack map can + cause disruption.' + type: integer + bpfMapSizeIPSets: + description: BPFMapSizeIPSets sets the size for ipsets map. The IP + sets map must be large enough to hold an entry for each endpoint + matched by every selector in the source/destination matches in network + policy. Selectors such as "all()" can result in large numbers of + entries (one entry per endpoint in that case). + type: integer + bpfMapSizeNATAffinity: + type: integer + bpfMapSizeNATBackend: + description: BPFMapSizeNATBackend sets the size for nat back end map. + This is the total number of endpoints. This is mostly more than + the size of the number of services. + type: integer + bpfMapSizeNATFrontend: + description: BPFMapSizeNATFrontend sets the size for nat front end + map. FrontendMap should be large enough to hold an entry for each + nodeport, external IP and each port in each service. + type: integer + bpfMapSizeRoute: + description: BPFMapSizeRoute sets the size for the routes map. The + routes map should be large enough to hold one entry per workload + and a handful of entries per host (enough to cover its own IPs and + tunnel IPs). + type: integer + bpfPSNATPorts: + anyOf: + - type: integer + - type: string + description: 'BPFPSNATPorts sets the range from which we randomly + pick a port if there is a source port collision. This should be + within the ephemeral range as defined by RFC 6056 (1024–65535) and + preferably outside the ephemeral ranges used by common operating + systems. Linux uses 32768–60999, while others mostly use the IANA + defined range 49152–65535. 
It is not necessarily a problem if this + range overlaps with the operating systems. Both ends of the range + are inclusive. [Default: 20000:29999]' + pattern: ^.* + x-kubernetes-int-or-string: true chainInsertMode: description: 'ChainInsertMode controls whether Felix hooks the kernel''s top-level iptables chains by inserting a rule at the top of the @@ -856,6 +949,15 @@ spec: Calico policy will be bypassed. [Default: insert]' type: string dataplaneDriver: + description: DataplaneDriver filename of the external dataplane driver + to use. Only used if UseInternalDataplaneDriver is set to false. + type: string + dataplaneWatchdogTimeout: + description: 'DataplaneWatchdogTimeout is the readiness/liveness timeout + used for Felix''s (internal) dataplane driver. Increase this value + if you experience spurious non-ready or non-live events when Felix + is under heavy load. Decrease the value to get felix to report non-live + or non-ready more quickly. [Default: 90s]' type: string debugDisableLogDropping: type: boolean @@ -884,9 +986,14 @@ spec: routes, by default this will be RTPROT_BOOT when left blank. type: integer deviceRouteSourceAddress: - description: This is the source address to use on programmed device - routes. By default the source address is left blank, leaving the - kernel to choose the source address used. + description: This is the IPv4 source address to use on programmed + device routes. By default the source address is left blank, leaving + the kernel to choose the source address used. + type: string + deviceRouteSourceAddressIPv6: + description: This is the IPv6 source address to use on programmed + device routes. By default the source address is left blank, leaving + the kernel to choose the source address used. type: string disableConntrackInvalidCheck: type: boolean 
@@ -960,6 +1067,14 @@ spec: "true" or "false" will force the feature, empty or omitted values are auto-detected. type: string + floatingIPs: + default: Disabled + description: FloatingIPs configures whether or not Felix will program + floating IP addresses. + enum: + - Enabled + - Disabled + type: string genericXDPEnabled: description: 'GenericXDPEnabled enables Generic XDP so network cards that don''t support XDP offload or driver modes can use XDP. This @@ -997,6 +1112,9 @@ spec: disabled by setting the interval to 0. type: string ipipEnabled: + description: 'IPIPEnabled overrides whether Felix should configure + an IPIP interface on the host. Optional as Felix determines this + based on the existing IP pools. [Default: nil (unset)]' type: boolean ipipMTU: description: 'IPIPMTU is the MTU to set on the tunnel device. See @@ -1063,6 +1181,8 @@ spec: usage. [Default: 10s]' type: string ipv6Support: + description: IPv6Support controls whether Felix enables support for + IPv6 (if supported by the in-use dataplane). type: boolean kubeNodePortRanges: description: 'KubeNodePortRanges holds list of port ranges used for @@ -1076,6 +1196,12 @@ spec: pattern: ^.* x-kubernetes-int-or-string: true type: array + logDebugFilenameRegex: + description: LogDebugFilenameRegex controls which source code files + have their Debug log output included in the logs. Only logs from + files with names that match the given regular expression are included. The + filter only applies to Debug level logs. + type: string logFilePath: description: 'LogFilePath is the full path to the Felix log. Set to none to disable file logging. [Default: /var/log/calico/felix.log]' 
@@ -1205,9 +1331,9 @@ spec: routes. - CalicoIPAM: the default - use IPAM data to construct routes.' type: string routeTableRange: - description: Calico programs additional Linux route tables for various - purposes. RouteTableRange specifies the indices of the route tables - that Calico should use. + description: Deprecated in favor of RouteTableRanges. Calico programs + additional Linux route tables for various purposes. RouteTableRange + specifies the indices of the route tables that Calico should use. properties: max: type: integer @@ -1217,6 +1343,21 @@ spec: - max - min type: object + routeTableRanges: + description: Calico programs additional Linux route tables for various + purposes. RouteTableRanges specifies a set of table index ranges + that Calico should use. Deprecates`RouteTableRange`, overrides `RouteTableRange`. + items: + properties: + max: + type: integer + min: + type: integer + required: + - max + - min + type: object + type: array serviceLoopPrevention: description: 'When service IP advertisement is enabled, prevent routing loops to service IPs that are not in use, by dropping or rejecting 
@@ -1244,12 +1385,22 @@ spec: Felix makes reports. [Default: 86400s]' type: string useInternalDataplaneDriver: + description: UseInternalDataplaneDriver, if true, Felix will use its + internal dataplane programming logic. If false, it will launch + an external dataplane driver and communicate with it over protobuf. type: boolean vxlanEnabled: + description: 'VXLANEnabled overrides whether Felix should create the + VXLAN tunnel device for VXLAN networking. Optional as Felix determines + this based on the existing IP pools. [Default: nil (unset)]' type: boolean vxlanMTU: - description: 'VXLANMTU is the MTU to set on the tunnel device. See - Configuring MTU [Default: 1440]' + description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel + device. See Configuring MTU [Default: 1410]' + type: integer + vxlanMTUV6: + description: 'VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel + device. See Configuring MTU [Default: 1390]' type: integer vxlanPort: type: integer @@ -1267,6 +1418,10 @@ spec: description: 'WireguardInterfaceName specifies the name to use for the Wireguard interface. [Default: wg.calico]' type: string + wireguardKeepAlive: + description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive + option. Set 0 to disable. [Default: 0]' + type: string wireguardListeningPort: description: 'WireguardListeningPort controls the listening port used by Wireguard. [Default: 51820]' @@ -1279,6 +1434,12 @@ spec: description: 'WireguardRoutingRulePriority controls the priority value to use for the Wireguard routing rule. [Default: 99]' type: integer + workloadSourceSpoofing: + description: WorkloadSourceSpoofing controls whether pods can use + the allowedSourcePrefixes annotation to send traffic with a source + IP address that is not theirs. This is disabled by default. When + set to "Any", pods can request any prefix. + type: string xdpEnabled: description: 'XDPEnabled enables XDP acceleration for suitable untracked incoming deny rules. [Default: true]' 
@@ -2375,13 +2536,25 @@ spec: resource. properties: affinity: + description: Affinity of the block, if this block has one. If set, + it will be of the form "host:". If not set, this block + is not affine to a host. type: string allocations: + description: Array of allocations in-use within this block. nil entries + mean the allocation is free. For non-nil entries at index i, the + index is the ordinal of the allocation within this block and the + value is the index of the associated attributes in the Attributes + array. items: nullable: true type: integer type: array attributes: + description: Attributes is an array of arbitrary metadata associated + with allocations in the block. To find attributes for a given allocation, + use the value of the allocation's entry in the Allocations array + as the index of the element in this array. items: properties: handle_id: 
@@ -2393,12 +2566,38 @@ spec: type: object type: array cidr: + description: The block's CIDR. type: string deleted: + description: Deleted is an internal boolean used to workaround a limitation + in the Kubernetes API whereby deletion will not return a conflict + error if the block has been updated. It should not be set manually. type: boolean + sequenceNumber: + default: 0 + description: We store a sequence number that is updated each time + the block is written. Each allocation will also store the sequence + number of the block at the time of its creation. When releasing + an IP, passing the sequence number associated with the allocation + allows us to protect against a race condition and ensure the IP + hasn't been released and re-allocated since the release request. + format: int64 + type: integer + sequenceNumberForAllocation: + additionalProperties: + format: int64 + type: integer + description: Map of allocated ordinal within the block to sequence + number of the block at the time of allocation. Kubernetes does not + allow numerical keys for maps, so the key is cast to a string. + type: object strictAffinity: + description: StrictAffinity on the IPAMBlock is deprecated and no + longer used by the code. Use IPAMConfig StrictAffinity instead. type: boolean unallocated: + description: Unallocated is an ordered list of allocations which are + free in the block. items: type: integer type: array @@ -2590,13 +2789,13 @@ spec: type: array blockSize: description: The block size to use for IP address assignments from - this pool. Defaults to 26 for IPv4 and 112 for IPv6. + this pool. Defaults to 26 for IPv4 and 122 for IPv6. type: integer cidr: description: The pool CIDR. type: string disableBGPExport: - description: 'Disable exporting routes from this IP Pool’s CIDR over + description: 'Disable exporting routes from this IP Pool''s CIDR over BGP. [Default: false]' type: boolean disabled: 
@@ -2663,6 +2862,8 @@ status: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) creationTimestamp: null labels: addon.kops.k8s.io/name: networking.projectcalico.org @@ -2823,6 +3024,11 @@ spec: type: string type: object type: object + debugProfilePort: + description: DebugProfilePort configures the port to serve memory + and cpu profiles on. If not specified, profiling is disabled. + format: int32 + type: integer etcdV3CompactionPeriod: description: 'EtcdV3CompactionPeriod is the period between etcdv3 compaction requests. Set to 0 to disable. [Default: 10m]' @@ -2933,6 +3139,11 @@ spec: type: string type: object type: object + debugProfilePort: + description: DebugProfilePort configures the port to serve memory + and cpu profiles on. If not specified, profiling is disabled. + format: int32 + type: integer etcdV3CompactionPeriod: description: 'EtcdV3CompactionPeriod is the period between etcdv3 compaction requests. Set to 0 to disable. [Default: 10m]' @@ -3894,7 +4105,6 @@ rules: - apiGroups: - crd.projectcalico.org resources: - - ippools - ipreservations verbs: - list @@ -3911,6 +4121,13 @@ rules: - update - delete - watch +- apiGroups: + - crd.projectcalico.org + resources: + - ippools + verbs: + - list + - watch - apiGroups: - crd.projectcalico.org resources: @@ -3927,8 +4144,10 @@ rules: - clusterinformations verbs: - get + - list - create - update + - watch - apiGroups: - crd.projectcalico.org resources: @@ -4243,7 +4462,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/node:v3.21.5 + image: docker.io/calico/node:v3.23.0 lifecycle: preStop: exec: @@ -4317,7 +4536,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/cni:v3.21.5 + image: docker.io/calico/cni:v3.23.0 name: upgrade-ipam securityContext: privileged: true 
@@ -4351,7 +4570,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/cni:v3.21.5 + image: docker.io/calico/cni:v3.23.0 name: install-cni securityContext: privileged: true @@ -4360,13 +4579,6 @@ spec: name: cni-bin-dir - mountPath: /host/etc/cni/net.d name: cni-net-dir - - image: docker.io/calico/pod2daemon-flexvol:v3.21.5 - name: flexvol-driver - securityContext: - privileged: true - volumeMounts: - - mountPath: /host/driver - name: flexvol-driver-host nodeSelector: kubernetes.io/os: linux priorityClassName: system-node-critical @@ -4413,10 +4625,6 @@ spec: path: /var/run/nodeagent type: DirectoryOrCreate name: policysync - - hostPath: - path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds - type: DirectoryOrCreate - name: flexvol-driver-host updateStrategy: rollingUpdate: maxUnavailable: 1 @@ -4470,7 +4678,7 @@ spec: value: node - name: DATASTORE_TYPE value: kubernetes - image: docker.io/calico/kube-controllers:v3.21.5 + image: docker.io/calico/kube-controllers:v3.23.0 livenessProbe: exec: command: @@ -4514,7 +4722,7 @@ metadata: --- -apiVersion: policy/v1beta1 +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: creationTimestamp: null diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content index 21efd54326..bea3e88be3 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-storage-aws.addons.k8s.io-v1.15.0_content 
@@ -35,7 +35,7 @@ apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: annotations: - storageclass.kubernetes.io/is-default-class: "true" + storageclass.kubernetes.io/is-default-class: "false" creationTimestamp: null labels: addon.kops.k8s.io/name: storage-aws.addons.k8s.io @@ -50,6 +50,26 @@ volumeBindingMode: WaitForFirstConsumer --- +allowVolumeExpansion: true +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + annotations: + storageclass.kubernetes.io/is-default-class: "true" + creationTimestamp: null + labels: + addon.kops.k8s.io/name: storage-aws.addons.k8s.io + app.kubernetes.io/managed-by: kops + k8s-addon: storage-aws.addons.k8s.io + name: kops-csi-1-21 +parameters: + encrypted: "true" + type: gp3 +provisioner: ebs.csi.aws.com +volumeBindingMode: WaitForFirstConsumer + +--- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/tests/integration/update_cluster/privatecalico/kubernetes.tf b/tests/integration/update_cluster/privatecalico/kubernetes.tf index 7b0cebe70d..9df77eadad 100644 --- a/tests/integration/update_cluster/privatecalico/kubernetes.tf +++ b/tests/integration/update_cluster/privatecalico/kubernetes.tf @@ -137,11 +137,6 @@ resource "aws_autoscaling_group" "bastion-privatecalico-example-com" { propagate_at_launch = true value = "bastion.privatecalico.example.com" } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" - propagate_at_launch = true - value = "node" - } tag { key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" propagate_at_launch = true 
@@ -192,21 +187,11 @@ resource "aws_autoscaling_group" "master-us-test-1a-masters-privatecalico-exampl propagate_at_launch = true value = "" } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" - propagate_at_launch = true - value = "master" - } tag { key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" propagate_at_launch = true value = "" } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" - propagate_at_launch = true - value = "" - } tag { key = "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" propagate_at_launch = true @@ -251,11 +236,6 @@ resource "aws_autoscaling_group" "nodes-privatecalico-example-com" { propagate_at_launch = true value = "nodes.privatecalico.example.com" } - tag { - key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" - propagate_at_launch = true - value = "node" - } tag { key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" propagate_at_launch = true @@ -486,7 +466,7 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" { name = aws_iam_instance_profile.bastions-privatecalico-example-com.id } image_id = "ami-12345678" - instance_type = "t2.micro" + instance_type = "t3.micro" key_name = aws_key_pair.kubernetes-privatecalico-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id lifecycle { create_before_destroy = true @@ -512,7 +492,6 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" { tags = { "KubernetesCluster" = "privatecalico.example.com" "Name" = "bastion.privatecalico.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" "k8s.io/role/bastion" = "1" "kops.k8s.io/instancegroup" = "bastion" 
@@ -524,7 +503,6 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" { tags = { "KubernetesCluster" = "privatecalico.example.com" "Name" = "bastion.privatecalico.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" "k8s.io/role/bastion" = "1" "kops.k8s.io/instancegroup" = "bastion" @@ -534,7 +512,6 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" { tags = { "KubernetesCluster" = "privatecalico.example.com" "Name" = "bastion.privatecalico.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" "k8s.io/role/bastion" = "1" "kops.k8s.io/instancegroup" = "bastion" @@ -554,15 +531,11 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example- volume_type = "gp3" } } - block_device_mappings { - device_name = "/dev/sdc" - virtual_name = "ephemeral0" - } iam_instance_profile { name = aws_iam_instance_profile.masters-privatecalico-example-com.id } image_id = "ami-12345678" - instance_type = "m3.medium" + instance_type = "t3.medium" key_name = aws_key_pair.kubernetes-privatecalico-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id lifecycle { create_before_destroy = true @@ -571,7 +544,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example- http_endpoint = "enabled" http_protocol_ipv6 = "disabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = false 
@@ -589,9 +562,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example- "KubernetesCluster" = "privatecalico.example.com" "Name" = "master-us-test-1a.masters.privatecalico.example.com" "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = "" "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" "k8s.io/role/master" = "1" "kops.k8s.io/instancegroup" = "master-us-test-1a" @@ -604,9 +575,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example- "KubernetesCluster" = "privatecalico.example.com" "Name" = "master-us-test-1a.masters.privatecalico.example.com" "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = "" "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" "k8s.io/role/master" = "1" "kops.k8s.io/instancegroup" = "master-us-test-1a" 
@@ -617,9 +586,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example- "KubernetesCluster" = "privatecalico.example.com" "Name" = "master-us-test-1a.masters.privatecalico.example.com" "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki" = "" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane" = "" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = "" "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers" = "" "k8s.io/role/master" = "1" "kops.k8s.io/instancegroup" = "master-us-test-1a" @@ -644,7 +611,7 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" { name = aws_iam_instance_profile.nodes-privatecalico-example-com.id } image_id = "ami-12345678" - instance_type = "t2.medium" + instance_type = "t3.medium" key_name = aws_key_pair.kubernetes-privatecalico-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id lifecycle { create_before_destroy = true @@ -652,8 +619,8 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" { metadata_options { http_endpoint = "enabled" http_protocol_ipv6 = "disabled" - http_put_response_hop_limit = 1 - http_tokens = "optional" + http_put_response_hop_limit = 3 + http_tokens = "required" } monitoring { enabled = false @@ -670,7 +637,6 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" { tags = { "KubernetesCluster" = "privatecalico.example.com" "Name" = "nodes.privatecalico.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" "k8s.io/role/node" = "1" "kops.k8s.io/instancegroup" = "nodes" 
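Review bot: A hop limit of 3 on the nodes launch template (`http_put_response_hop_limit = 3` in `metadata_options`) lets the IMDSv2 token response cross the pod-network hop, so pods without host networking can obtain the node instance profile's credentials even with `http_tokens = "required"`. The control-plane template in this file keeps the limit at 1. This file is expected test output and the resource block starts and ends outside the hunk, so the value presumably comes from the nodes instance group in the test input, which is not shown here. If nothing in the fixture needs IMDS from a pod, `httpPutResponseHopLimit: 1` there keeps the tighter setting. Otherwise a comment next to it, e.g. `# hop limit 3: pods are allowed to reach IMDS`, would record the choice, with a network policy denying pod egress to 169.254.169.254 as the usual compensating control.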
@@ -682,7 +648,6 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" { tags = { "KubernetesCluster" = "privatecalico.example.com" "Name" = "nodes.privatecalico.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" "k8s.io/role/node" = "1" "kops.k8s.io/instancegroup" = "nodes" @@ -692,7 +657,6 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" { tags = { "KubernetesCluster" = "privatecalico.example.com" "Name" = "nodes.privatecalico.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node" "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" "k8s.io/role/node" = "1" "kops.k8s.io/instancegroup" = "nodes" 
@@ -842,6 +806,22 @@ resource "aws_s3_object" "nodeupconfig-nodes" { server_side_encryption = "AES256" } +resource "aws_s3_object" "privatecalico-example-com-addons-aws-cloud-controller-addons-k8s-io-k8s-1-18" { + bucket = "testingBucket" + content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-aws-cloud-controller.addons.k8s.io-k8s-1.18_content") + key = "clusters.example.com/privatecalico.example.com/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml" + provider = aws.files + server_side_encryption = "AES256" +} + +resource "aws_s3_object" "privatecalico-example-com-addons-aws-ebs-csi-driver-addons-k8s-io-k8s-1-17" { + bucket = "testingBucket" + content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-aws-ebs-csi-driver.addons.k8s.io-k8s-1.17_content") + key = "clusters.example.com/privatecalico.example.com/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml" + provider = aws.files + server_side_encryption = "AES256" +} + resource "aws_s3_object" "privatecalico-example-com-addons-bootstrap" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content") 
@@ -890,6 +870,14 @@ resource "aws_s3_object" "privatecalico-example-com-addons-kubelet-api-rbac-addo server_side_encryption = "AES256" } +resource "aws_s3_object" "privatecalico-example-com-addons-leader-migration-rbac-addons-k8s-io-k8s-1-23" { + bucket = "testingBucket" + content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-leader-migration.rbac.addons.k8s.io-k8s-1.23_content") + key = "clusters.example.com/privatecalico.example.com/addons/leader-migration.rbac.addons.k8s.io/k8s-1.23.yaml" + provider = aws.files + server_side_encryption = "AES256" +} + resource "aws_s3_object" "privatecalico-example-com-addons-limit-range-addons-k8s-io" { bucket = "testingBucket" content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-limit-range.addons.k8s.io_content") @@ -898,10 +886,10 @@ resource "aws_s3_object" "privatecalico-example-com-addons-limit-range-addons-k8 server_side_encryption = "AES256" } -resource "aws_s3_object" "privatecalico-example-com-addons-networking-projectcalico-org-k8s-1-16" { +resource "aws_s3_object" "privatecalico-example-com-addons-networking-projectcalico-org-k8s-1-23" { bucket = "testingBucket" - content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.16_content") - key = "clusters.example.com/privatecalico.example.com/addons/networking.projectcalico.org/k8s-1.16.yaml" + content = file("${path.module}/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.23_content") + key = "clusters.example.com/privatecalico.example.com/addons/networking.projectcalico.org/k8s-1.23.yaml" provider = aws.files server_side_encryption = "AES256" } 
@@ -987,6 +975,24 @@ resource "aws_security_group_rule" "from-0-0-0-0--0-ingress-tcp-443to443-api-elb type = "ingress" } +resource "aws_security_group_rule" "from-__--0-ingress-tcp-22to22-bastion-elb-privatecalico-example-com" { + from_port = 22 + ipv6_cidr_blocks = ["::/0"] + protocol = "tcp" + security_group_id = aws_security_group.bastion-elb-privatecalico-example-com.id + to_port = 22 + type = "ingress" +} + +resource "aws_security_group_rule" "from-__--0-ingress-tcp-443to443-api-elb-privatecalico-example-com" { + from_port = 443 + ipv6_cidr_blocks = ["::/0"] + protocol = "tcp" + security_group_id = aws_security_group.api-elb-privatecalico-example-com.id + to_port = 443 + type = "ingress" +} + resource "aws_security_group_rule" "from-api-elb-privatecalico-example-com-egress-all-0to0-0-0-0-0--0" { cidr_blocks = ["0.0.0.0/0"] from_port = 0 @@ -1194,9 +1200,20 @@ resource "aws_security_group_rule" "icmp-pmtu-api-elb-0-0-0-0--0" { type = "ingress" } +resource "aws_security_group_rule" "icmpv6-pmtu-api-elb-__--0" { + from_port = -1 + ipv6_cidr_blocks = ["::/0"] + protocol = "icmpv6" + security_group_id = aws_security_group.api-elb-privatecalico-example-com.id + to_port = -1 + type = "ingress" +} + resource "aws_subnet" "us-test-1a-privatecalico-example-com" { - availability_zone = "us-test-1a" - cidr_block = "172.20.32.0/19" + availability_zone = "us-test-1a" + cidr_block = "172.20.32.0/19" + enable_resource_name_dns_a_record_on_launch = true + private_dns_hostname_type_on_launch = "resource-name" tags = { "KubernetesCluster" = "privatecalico.example.com" "Name" = "us-test-1a.privatecalico.example.com" 
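Review bot: SSH to the bastion ELB becomes reachable from any IPv6 source through the added `from-__--0-ingress-tcp-22to22-bastion-elb-privatecalico-example-com` rule (`ipv6_cidr_blocks = ["::/0"]`), and the API ELB gets the same for tcp/443, next to the any-source IPv4 rule for 443 visible as context in this hunk. Any-source access to admin endpoints should be an explicit choice rather than an inherited default. Because this file is expected test output, the change belongs in the cluster spec of the test input (not shown here): set `sshAccess` and `kubernetesApiAccess` explicitly, with a comment such as `# fixture only: admin endpoints open to any source`, so the exposure is not copied into real clusters unnoticed.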
@@ -1208,8 +1225,10 @@ resource "aws_subnet" "us-test-1a-privatecalico-example-com" { } resource "aws_subnet" "utility-us-test-1a-privatecalico-example-com" { - availability_zone = "us-test-1a" - cidr_block = "172.20.4.0/22" + availability_zone = "us-test-1a" + cidr_block = "172.20.4.0/22" + enable_resource_name_dns_a_record_on_launch = true + private_dns_hostname_type_on_launch = "resource-name" tags = { "KubernetesCluster" = "privatecalico.example.com" "Name" = "utility-us-test-1a.privatecalico.example.com" From 1c644ecebbf4cd93b9bf7ff61b7677b065facea7 Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Sat, 21 May 2022 10:35:57 +0200 Subject: [PATCH 3/5] Update Calico to v3.23.1 --- .../k8s-1.23.yaml.template | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.23.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.23.yaml.template index 884afc3281..8bf9414b44 100644 --- a/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.23.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org/k8s-1.23.yaml.template @@ -4359,7 +4359,7 @@ spec: securityContext: fsGroup: 65534 containers: - - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/typha:{{ or .Networking.Calico.Version "v3.23.0" }} + - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/typha:{{ or .Networking.Calico.Version "v3.23.1" }} name: calico-typha ports: - containerPort: 5473 
@@ -4480,7 +4480,7 @@ spec: # It can be deleted if this is a fresh installation, or if you have already # upgraded to use calico-ipam. - name: upgrade-ipam - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/cni:{{ or .Networking.Calico.Version "v3.23.0" }} + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/cni:{{ or .Networking.Calico.Version "v3.23.1" }} command: ["/opt/cni/bin/calico-ipam", "-upgrade"] envFrom: - configMapRef: @@ -4507,7 +4507,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/cni:{{ or .Networking.Calico.Version "v3.23.0" }} + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/cni:{{ or .Networking.Calico.Version "v3.23.1" }} command: ["/opt/cni/bin/install"] envFrom: - configMapRef: @@ -4550,7 +4550,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/node:{{ or .Networking.Calico.Version "v3.23.0" }} + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/node:{{ or .Networking.Calico.Version "v3.23.1" }} envFrom: - configMapRef: # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. @@ -4863,7 +4863,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/kube-controllers:{{ or .Networking.Calico.Version "v3.23.0" }} + image: {{ or .Networking.Calico.Registry "docker.io" }}/calico/kube-controllers:{{ or .Networking.Calico.Version "v3.23.1" }} env: # Choose which controllers to run. - name: ENABLED_CONTROLLERS From 01b0e5a3deace890fa214f76d8ca703f30af54e1 Mon Sep 17 00:00:00 2001 
From: Ciprian Hacman Date: Sat, 21 May 2022 10:36:04 +0200 Subject: [PATCH 4/5] Update Canal to v3.23.1 --- .../k8s-1.22.yaml.template | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template b/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template index 2fecce2d6d..9ce273b8d8 100644 --- a/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.projectcalico.org.canal/k8s-1.22.yaml.template @@ -4358,7 +4358,7 @@ spec: securityContext: fsGroup: 65534 containers: - - image: calico/typha:v3.23.0 + - image: calico/typha:v3.23.1 name: calico-typha ports: - containerPort: 5473 @@ -4468,7 +4468,7 @@ spec: # This container installs the CNI binaries # and CNI network config file on each node. - name: install-cni - image: docker.io/calico/cni:v3.23.0 + image: docker.io/calico/cni:v3.23.1 command: ["/opt/cni/bin/install"] envFrom: - configMapRef: @@ -4511,7 +4511,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: docker.io/calico/node:v3.23.0 + image: docker.io/calico/node:v3.23.1 envFrom: - configMapRef: # Allow KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT to be overridden for eBPF mode. @@ -4791,7 +4791,7 @@ spec: priorityClassName: system-cluster-critical containers: - name: calico-kube-controllers - image: docker.io/calico/kube-controllers:v3.23.0 + image: docker.io/calico/kube-controllers:v3.23.1 env: # Choose which controllers to run. - name: ENABLED_CONTROLLERS From b5f908be0b0baf47f277dbd377bd51d857853e3e Mon Sep 17 00:00:00 2001 
From: Ciprian Hacman Date: Sat, 21 May 2022 10:39:13 +0200 Subject: [PATCH 5/5] Run hack/update-expected.sh --- ...ject_minimal-ipv6.example.com-addons-bootstrap_content | 2 +- ...m-addons-networking.projectcalico.org-k8s-1.23_content | 8 ++++---- ...ect_privatecalico.example.com-addons-bootstrap_content | 2 +- ...m-addons-networking.projectcalico.org-k8s-1.23_content | 8 ++++---- ...ject_privatecanal.example.com-addons-bootstrap_content | 2 +- ...ns-networking.projectcalico.org.canal-k8s-1.22_content | 6 +++--- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content index f902f522e2..419257ccb1 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-bootstrap_content @@ -61,7 +61,7 @@ spec: version: 9.99.0 - id: k8s-1.23 manifest: networking.projectcalico.org/k8s-1.23.yaml - manifestHash: 668665e8c8cddfd1e660e2f80831c3277d88d3cea36dc9051ed4e15a9c0749c3 + manifestHash: 5c8d7e98d34e92f128508c2d00efed7e866251aec643309cbbdf0f9934a95f82 name: networking.projectcalico.org selector: role.kubernetes.io/networking: "1" diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.23_content b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.23_content index 5407dbb3f0..92ccb3269a 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.23_content 
+++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_s3_object_minimal-ipv6.example.com-addons-networking.projectcalico.org-k8s-1.23_content @@ -4467,7 +4467,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/node:v3.23.0 + image: docker.io/calico/node:v3.23.1 lifecycle: preStop: exec: @@ -4539,7 +4539,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/cni:v3.23.0 + image: docker.io/calico/cni:v3.23.1 name: upgrade-ipam securityContext: privileged: true @@ -4573,7 +4573,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/cni:v3.23.0 + image: docker.io/calico/cni:v3.23.1 name: install-cni securityContext: privileged: true @@ -4681,7 +4681,7 @@ spec: value: node - name: DATASTORE_TYPE value: kubernetes - image: docker.io/calico/kube-controllers:v3.23.0 + image: docker.io/calico/kube-controllers:v3.23.1 livenessProbe: exec: command: diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content index 063b3bb256..5e2ed63196 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-bootstrap_content @@ -61,7 +61,7 @@ spec: version: 9.99.0 - id: k8s-1.23 manifest: networking.projectcalico.org/k8s-1.23.yaml - manifestHash: 95d65cf5c44a8fc7f7d4d6e4b2b386fa74979c81c9796be4bbea0089f1e1292e + manifestHash: 73aec25bade185c9929399be7809330abd3f75d86fb7f36334f44d185f7981c0 name: networking.projectcalico.org selector: role.kubernetes.io/networking: "1" 
diff --git a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.23_content b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.23_content index 9f0758c909..1317353bb1 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.23_content +++ b/tests/integration/update_cluster/privatecalico/data/aws_s3_object_privatecalico.example.com-addons-networking.projectcalico.org-k8s-1.23_content @@ -4462,7 +4462,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/node:v3.23.0 + image: docker.io/calico/node:v3.23.1 lifecycle: preStop: exec: @@ -4536,7 +4536,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/cni:v3.23.0 + image: docker.io/calico/cni:v3.23.1 name: upgrade-ipam securityContext: privileged: true @@ -4570,7 +4570,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/cni:v3.23.0 + image: docker.io/calico/cni:v3.23.1 name: install-cni securityContext: privileged: true @@ -4678,7 +4678,7 @@ spec: value: node - name: DATASTORE_TYPE value: kubernetes - image: docker.io/calico/kube-controllers:v3.23.0 + image: docker.io/calico/kube-controllers:v3.23.1 livenessProbe: exec: command: diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-bootstrap_content index edf8bbd350..c2948b8bbd 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-bootstrap_content 
+++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-bootstrap_content @@ -54,7 +54,7 @@ spec: version: 9.99.0 - id: k8s-1.22 manifest: networking.projectcalico.org.canal/k8s-1.22.yaml - manifestHash: e901520c95925f596ab91f42a0e1efba17690f1c3384f1263dd5017ee0cb78f4 + manifestHash: ff8bbeaba0ec65a71b29563278683bcfe8130d023a388b5321f347b1ff932136 name: networking.projectcalico.org.canal selector: role.kubernetes.io/networking: "1" diff --git a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-networking.projectcalico.org.canal-k8s-1.22_content b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-networking.projectcalico.org.canal-k8s-1.22_content index 39512b7899..a4a39025df 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-networking.projectcalico.org.canal-k8s-1.22_content +++ b/tests/integration/update_cluster/privatecanal/data/aws_s3_object_privatecanal.example.com-addons-networking.projectcalico.org.canal-k8s-1.22_content @@ -4458,7 +4458,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/node:v3.23.0 + image: docker.io/calico/node:v3.23.1 lifecycle: preStop: exec: @@ -4571,7 +4571,7 @@ spec: - configMapRef: name: kubernetes-services-endpoint optional: true - image: docker.io/calico/cni:v3.23.0 + image: docker.io/calico/cni:v3.23.1 name: install-cni securityContext: privileged: true @@ -4697,7 +4697,7 @@ spec: value: node - name: DATASTORE_TYPE value: kubernetes - image: docker.io/calico/kube-controllers:v3.23.0 + image: docker.io/calico/kube-controllers:v3.23.1 livenessProbe: exec: command: