./hack/update-expected.sh

cloud303-pdavis 2025-08-21 16:07:32 -06:00
parent df39d62034
commit 99b8ff05df
8 changed files with 1940 additions and 404 deletions


@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.11.1 controller-gen.kubebuilder.io/version: v0.14.0
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io
@ -41,20 +41,37 @@ spec:
description: IngressClassParams is the Schema for the IngressClassParams API description: IngressClassParams is the Schema for the IngressClassParams API
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: IngressClassParamsSpec defines the desired state of IngressClassParams description: IngressClassParamsSpec defines the desired state of IngressClassParams
properties: properties:
PrefixListsIDs:
description: PrefixListsIDs defines the security group prefix lists
for all Ingresses that belong to IngressClass with this IngressClassParams.
items:
type: string
type: array
certificateArn:
description: CertificateArn specifies the ARN of the certificates
for all Ingresses that belong to IngressClass with this IngressClassParams.
items:
type: string
type: array
group: group:
description: Group defines the IngressGroup for all Ingresses that description: Group defines the IngressGroup for all Ingresses that
belong to IngressClass with this IngressClassParams. belong to IngressClass with this IngressClassParams.
@ -77,7 +94,47 @@ spec:
enum: enum:
- ipv4 - ipv4
- dualstack - dualstack
- dualstack-without-public-ipv4
type: string type: string
ipamConfiguration:
description: IPAMConfiguration defines the IPAM settings for a Load
Balancer.
properties:
ipv4IPAMPoolId:
description: IPv4IPAMPoolId defines the IPAM pool ID used for
IPv4 Addresses on the ALB.
type: string
type: object
listeners:
description: Listeners define a list of listeners with their protocol,
port and attributes.
items:
properties:
listenerAttributes:
description: The attributes of the listener
items:
description: Attributes defines custom attributes on resources.
properties:
key:
description: The key of the attribute.
type: string
value:
description: The value of the attribute.
type: string
required:
- key
- value
type: object
type: array
port:
description: The port of the listener
format: int32
type: integer
protocol:
description: The protocol of the listener
type: string
type: object
type: array
loadBalancerAttributes: loadBalancerAttributes:
description: LoadBalancerAttributes define the custom attributes to description: LoadBalancerAttributes define the custom attributes to
LoadBalancers for all Ingress that that belong to IngressClass with LoadBalancers for all Ingress that that belong to IngressClass with
@ -96,50 +153,63 @@ spec:
- value - value
type: object type: object
type: array type: array
minimumLoadBalancerCapacity:
description: MinimumLoadBalancerCapacity define the capacity reservation
for LoadBalancers for all Ingress that belong to IngressClass with
this IngressClassParams.
properties:
capacityUnits:
description: The Capacity Units Value.
format: int32
type: integer
required:
- capacityUnits
type: object
namespaceSelector: namespaceSelector:
description: NamespaceSelector restrict the namespaces of Ingresses description: |-
that are allowed to specify the IngressClass with this IngressClassParams. NamespaceSelector restrict the namespaces of Ingresses that are allowed to specify the IngressClass with this IngressClassParams.
* if absent or present but empty, it selects all namespaces. * if absent or present but empty, it selects all namespaces.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions is a list of label selector requirements. description: matchExpressions is a list of label selector requirements.
The requirements are ANDed. The requirements are ANDed.
items: items:
description: A label selector requirement is a selector that description: |-
contains values, a key, and an operator that relates the key A label selector requirement is a selector that contains values, a key, and an operator that
and values. relates the key and values.
properties: properties:
key: key:
description: key is the label key that the selector applies description: key is the label key that the selector applies
to. to.
type: string type: string
operator: operator:
description: operator represents a key's relationship to description: |-
a set of values. Valid operators are In, NotIn, Exists operator represents a key's relationship to a set of values.
and DoesNotExist. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string type: string
values: values:
description: values is an array of string values. If the description: |-
operator is In or NotIn, the values array must be non-empty. values is an array of string values. If the operator is In or NotIn,
If the operator is Exists or DoesNotExist, the values the values array must be non-empty. If the operator is Exists or DoesNotExist,
array must be empty. This array is replaced during a strategic the values array must be empty. This array is replaced during a strategic
merge patch. merge patch.
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
required: required:
- key - key
- operator - operator
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
matchLabels: matchLabels:
additionalProperties: additionalProperties:
type: string type: string
description: matchLabels is a map of {key,value} pairs. A single description: |-
{key,value} in the matchLabels map is equivalent to an element matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
of matchExpressions, whose key field is "key", the operator map is equivalent to an element of matchExpressions, whose key field is "key", the
is "In", and the values array contains only "value". The requirements operator is "In", and the values array contains only "value". The requirements are ANDed.
are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -172,10 +242,11 @@ spec:
items: items:
type: string type: string
type: array type: array
description: Tags specifies subnets in the load balancer's VPC description: |-
where each tag specified in the map key contains one of the Tags specifies subnets in the load balancer's VPC where each
values in the corresponding value list. Exactly one of this tag specified in the map key contains one of the values in the corresponding
or `ids` must be specified. value list.
Exactly one of this or `ids` must be specified.
type: object type: object
type: object type: object
tags: tags:
@ -195,6 +266,13 @@ spec:
- value - value
type: object type: object
type: array type: array
targetType:
description: TargetType defines the target type of target groups for
all Ingresses that belong to IngressClass with this IngressClassParams.
enum:
- instance
- ip
type: string
type: object type: object
type: object type: object
served: true served: true
@ -207,7 +285,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.11.1 controller-gen.kubebuilder.io/version: v0.14.0
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io
@ -242,6 +320,11 @@ spec:
name: ARN name: ARN
priority: 1 priority: 1
type: string type: string
- description: The AWS TargetGroup's Name
jsonPath: .spec.targetGroupName
name: NAME
priority: 2
type: string
- jsonPath: .metadata.creationTimestamp - jsonPath: .metadata.creationTimestamp
name: AGE name: AGE
type: date type: date
@ -251,20 +334,38 @@ spec:
description: TargetGroupBinding is the Schema for the TargetGroupBinding API description: TargetGroupBinding is the Schema for the TargetGroupBinding API
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding
properties: properties:
assumeRoleExternalId:
description: IAM Role ARN to assume when calling AWS APIs. Needed
to assume a role in another account and prevent the confused deputy
problem. https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
type: string
iamRoleArnToAssume:
description: IAM Role ARN to assume when calling AWS APIs. Useful
if the target group is in a different AWS account
type: string
multiClusterTargetGroup:
description: MultiClusterTargetGroup Denotes if the TargetGroup is
shared among multiple clusters
type: boolean
networking: networking:
description: networking provides the networking setup for ELBV2 LoadBalancer description: networking provides the networking setup for ELBV2 LoadBalancer
to access targets in TargetGroup. to access targets in TargetGroup.
@ -275,28 +376,30 @@ spec:
items: items:
properties: properties:
from: from:
description: List of peers which should be able to access description: |-
the targets in TargetGroup. At least one NetworkingPeer List of peers which should be able to access the targets in TargetGroup.
should be specified. At least one NetworkingPeer should be specified.
items: items:
description: NetworkingPeer defines the source/destination description: NetworkingPeer defines the source/destination
peer for networking rules. peer for networking rules.
properties: properties:
ipBlock: ipBlock:
description: IPBlock defines an IPBlock peer. If specified, description: |-
none of the other fields can be set. IPBlock defines an IPBlock peer.
If specified, none of the other fields can be set.
properties: properties:
cidr: cidr:
description: CIDR is the network CIDR. Both IPV4 description: |-
or IPV6 CIDR are accepted. CIDR is the network CIDR.
Both IPV4 or IPV6 CIDR are accepted.
type: string type: string
required: required:
- cidr - cidr
type: object type: object
securityGroup: securityGroup:
description: SecurityGroup defines a SecurityGroup description: |-
peer. If specified, none of the other fields can SecurityGroup defines a SecurityGroup peer.
be set. If specified, none of the other fields can be set.
properties: properties:
groupID: groupID:
description: GroupID is the EC2 SecurityGroupID. description: GroupID is the EC2 SecurityGroupID.
@ -307,24 +410,24 @@ spec:
type: object type: object
type: array type: array
ports: ports:
description: List of ports which should be made accessible description: |-
on the targets in TargetGroup. If ports is empty or unspecified, List of ports which should be made accessible on the targets in TargetGroup.
it defaults to all ports with TCP. If ports is empty or unspecified, it defaults to all ports with TCP.
items: items:
properties: properties:
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: The port which traffic must match. When description: |-
NodePort endpoints(instance TargetType) is used, The port which traffic must match.
this must be a numerical port. When Port endpoints(ip When NodePort endpoints(instance TargetType) is used, this must be a numerical port.
TargetType) is used, this can be either numerical When Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods.
or named port on pods. if port is unspecified, it if port is unspecified, it defaults to all ports.
defaults to all ports.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
protocol: protocol:
description: The protocol which traffic must match. description: |-
The protocol which traffic must match.
If protocol is unspecified, it defaults to TCP. If protocol is unspecified, it defaults to TCP.
enum: enum:
- TCP - TCP
@ -359,6 +462,9 @@ spec:
description: targetGroupARN is the Amazon Resource Name (ARN) for description: targetGroupARN is the Amazon Resource Name (ARN) for
the TargetGroup. the TargetGroup.
type: string type: string
targetGroupName:
description: targetGroupName is the Name of the TargetGroup.
type: string
targetType: targetType:
description: targetType is the TargetType of TargetGroup. If unspecified, description: targetType is the TargetType of TargetGroup. If unspecified,
it will be automatically inferred. it will be automatically inferred.
@ -368,7 +474,6 @@ spec:
type: string type: string
required: required:
- serviceRef - serviceRef
- targetGroupARN
type: object type: object
status: status:
description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding
@ -401,6 +506,11 @@ spec:
name: ARN name: ARN
priority: 1 priority: 1
type: string type: string
- description: The AWS TargetGroup's Name
jsonPath: .spec.targetGroupName
name: NAME
priority: 2
type: string
- jsonPath: .metadata.creationTimestamp - jsonPath: .metadata.creationTimestamp
name: AGE name: AGE
type: date type: date
@ -410,20 +520,34 @@ spec:
description: TargetGroupBinding is the Schema for the TargetGroupBinding API description: TargetGroupBinding is the Schema for the TargetGroupBinding API
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding
properties: properties:
assumeRoleExternalId:
description: IAM Role ARN to assume when calling AWS APIs. Needed
to assume a role in another account and prevent the confused deputy
problem. https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
type: string
iamRoleArnToAssume:
description: IAM Role ARN to assume when calling AWS APIs. Useful
if the target group is in a different AWS account
type: string
ipAddressType: ipAddressType:
description: ipAddressType specifies whether the target group is of description: ipAddressType specifies whether the target group is of
type IPv4 or IPv6. If unspecified, it will be automatically inferred. type IPv4 or IPv6. If unspecified, it will be automatically inferred.
@ -431,6 +555,10 @@ spec:
- ipv4 - ipv4
- ipv6 - ipv6
type: string type: string
multiClusterTargetGroup:
description: MultiClusterTargetGroup Denotes if the TargetGroup is
shared among multiple clusters
type: boolean
networking: networking:
description: networking defines the networking rules to allow ELBV2 description: networking defines the networking rules to allow ELBV2
LoadBalancer to access targets in TargetGroup. LoadBalancer to access targets in TargetGroup.
@ -443,28 +571,30 @@ spec:
of traffic that is allowed to access TargetGroup's targets. of traffic that is allowed to access TargetGroup's targets.
properties: properties:
from: from:
description: List of peers which should be able to access description: |-
the targets in TargetGroup. At least one NetworkingPeer List of peers which should be able to access the targets in TargetGroup.
should be specified. At least one NetworkingPeer should be specified.
items: items:
description: NetworkingPeer defines the source/destination description: NetworkingPeer defines the source/destination
peer for networking rules. peer for networking rules.
properties: properties:
ipBlock: ipBlock:
description: IPBlock defines an IPBlock peer. If specified, description: |-
none of the other fields can be set. IPBlock defines an IPBlock peer.
If specified, none of the other fields can be set.
properties: properties:
cidr: cidr:
description: CIDR is the network CIDR. Both IPV4 description: |-
or IPV6 CIDR are accepted. CIDR is the network CIDR.
Both IPV4 or IPV6 CIDR are accepted.
type: string type: string
required: required:
- cidr - cidr
type: object type: object
securityGroup: securityGroup:
description: SecurityGroup defines a SecurityGroup description: |-
peer. If specified, none of the other fields can SecurityGroup defines a SecurityGroup peer.
be set. If specified, none of the other fields can be set.
properties: properties:
groupID: groupID:
description: GroupID is the EC2 SecurityGroupID. description: GroupID is the EC2 SecurityGroupID.
@ -475,9 +605,9 @@ spec:
type: object type: object
type: array type: array
ports: ports:
description: List of ports which should be made accessible description: |-
on the targets in TargetGroup. If ports is empty or unspecified, List of ports which should be made accessible on the targets in TargetGroup.
it defaults to all ports with TCP. If ports is empty or unspecified, it defaults to all ports with TCP.
items: items:
description: NetworkingPort defines the port and protocol description: NetworkingPort defines the port and protocol
for networking rules. for networking rules.
@ -486,15 +616,15 @@ spec:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: The port which traffic must match. When description: |-
NodePort endpoints(instance TargetType) is used, The port which traffic must match.
this must be a numerical port. When Port endpoints(ip When NodePort endpoints(instance TargetType) is used, this must be a numerical port.
TargetType) is used, this can be either numerical When Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods.
or named port on pods. if port is unspecified, it if port is unspecified, it defaults to all ports.
defaults to all ports.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
protocol: protocol:
description: The protocol which traffic must match. description: |-
The protocol which traffic must match.
If protocol is unspecified, it defaults to TCP. If protocol is unspecified, it defaults to TCP.
enum: enum:
- TCP - TCP
@ -516,41 +646,42 @@ spec:
description: matchExpressions is a list of label selector requirements. description: matchExpressions is a list of label selector requirements.
The requirements are ANDed. The requirements are ANDed.
items: items:
description: A label selector requirement is a selector that description: |-
contains values, a key, and an operator that relates the key A label selector requirement is a selector that contains values, a key, and an operator that
and values. relates the key and values.
properties: properties:
key: key:
description: key is the label key that the selector applies description: key is the label key that the selector applies
to. to.
type: string type: string
operator: operator:
description: operator represents a key's relationship to description: |-
a set of values. Valid operators are In, NotIn, Exists operator represents a key's relationship to a set of values.
and DoesNotExist. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string type: string
values: values:
description: values is an array of string values. If the description: |-
operator is In or NotIn, the values array must be non-empty. values is an array of string values. If the operator is In or NotIn,
If the operator is Exists or DoesNotExist, the values the values array must be non-empty. If the operator is Exists or DoesNotExist,
array must be empty. This array is replaced during a strategic the values array must be empty. This array is replaced during a strategic
merge patch. merge patch.
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
required: required:
- key - key
- operator - operator
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
matchLabels: matchLabels:
additionalProperties: additionalProperties:
type: string type: string
description: matchLabels is a map of {key,value} pairs. A single description: |-
{key,value} in the matchLabels map is equivalent to an element matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
of matchExpressions, whose key field is "key", the operator map is equivalent to an element of matchExpressions, whose key field is "key", the
is "In", and the values array contains only "value". The requirements operator is "In", and the values array contains only "value". The requirements are ANDed.
are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -574,7 +705,9 @@ spec:
targetGroupARN: targetGroupARN:
description: targetGroupARN is the Amazon Resource Name (ARN) for description: targetGroupARN is the Amazon Resource Name (ARN) for
the TargetGroup. the TargetGroup.
minLength: 1 type: string
targetGroupName:
description: targetGroupName is the Name of the TargetGroup.
type: string type: string
targetType: targetType:
description: targetType is the TargetType of TargetGroup. If unspecified, description: targetType is the TargetType of TargetGroup. If unspecified,
@ -583,9 +716,12 @@ spec:
- instance - instance
- ip - ip
type: string type: string
vpcID:
description: VpcID is the VPC of the TargetGroup. If unspecified,
it will be automatically inferred.
type: string
required: required:
- serviceRef - serviceRef
- targetGroupARN
type: object type: object
status: status:
description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding
@ -676,6 +812,15 @@ metadata:
k8s-addon: aws-load-balancer-controller.addons.k8s.io k8s-addon: aws-load-balancer-controller.addons.k8s.io
name: aws-load-balancer-controller-role name: aws-load-balancer-controller-role
rules: rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- update
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@ -791,6 +936,245 @@ rules:
verbs: verbs:
- patch - patch
- update - update
- apiGroups:
- gateway.k8s.aws
resources:
- listenerruleconfigurations
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.k8s.aws
resources:
- listenerruleconfigurations/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- listenerruleconfigurations/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- loadbalancerconfigurations
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.k8s.aws
resources:
- loadbalancerconfigurations/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- loadbalancerconfigurations/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- targetgroupconfigurations
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.k8s.aws
resources:
- targetgroupconfigurations/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- targetgroupconfigurations/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- referencegrants
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- udproutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- udproutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- udproutes/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- networking.k8s.io - networking.k8s.io
resources: resources:
@ -929,7 +1313,7 @@ spec:
value: arn:aws-test:iam::123456789012:role/aws-load-balancer-controller.kube-system.sa.minimal.example.com value: arn:aws-test:iam::123456789012:role/aws-load-balancer-controller.kube-system.sa.minimal.example.com
- name: AWS_WEB_IDENTITY_TOKEN_FILE - name: AWS_WEB_IDENTITY_TOKEN_FILE
value: /var/run/secrets/amazonaws.com/token value: /var/run/secrets/amazonaws.com/token
image: public.ecr.aws/eks/aws-load-balancer-controller:v2.7.2 image: public.ecr.aws/eks/aws-load-balancer-controller:v2.13.4
livenessProbe: livenessProbe:
failureThreshold: 2 failureThreshold: 2
httpGet: httpGet:
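Review bot: The new first rule of `aws-load-balancer-controller-role` grants `create`, `delete`, `get` and `update` on core `configmaps` with no `resourceNames`, so it applies to every ConfigMap the role's binding reaches; the role's `kind` is outside the hunk, and if it is a ClusterRole that means every namespace. ConfigMaps often hold configuration that other cluster components trust, so write access this broad is more than a controller usually needs. If the controller only manages its own ConfigMaps, move the rule into a namespaced Role and restrict the non-create verbs with `resourceNames: ["<controller-configmap-name>"]` (a placeholder; `create` cannot be limited by name). This file appears to be generated expected output, so the change would belong in the addon template it is rendered from, followed by a re-run of `./hack/update-expected.sh`.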


@ -148,7 +148,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.19 - id: k8s-1.19
manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml
manifestHash: f32c0c5f258e9fb26f8a69b7a2e9ece3738d737552e774d8d84896dcab323782 manifestHash: 18226ed1d11cc43ad4dd4a4fd20fc90599b76802ea4331ef33b6c34c47eb9b98
name: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-controller.addons.k8s.io
needsPKI: true needsPKI: true
selector: selector:


@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.11.1 controller-gen.kubebuilder.io/version: v0.14.0
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io
@ -41,20 +41,37 @@ spec:
description: IngressClassParams is the Schema for the IngressClassParams API description: IngressClassParams is the Schema for the IngressClassParams API
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: IngressClassParamsSpec defines the desired state of IngressClassParams description: IngressClassParamsSpec defines the desired state of IngressClassParams
properties: properties:
PrefixListsIDs:
description: PrefixListsIDs defines the security group prefix lists
for all Ingresses that belong to IngressClass with this IngressClassParams.
items:
type: string
type: array
certificateArn:
description: CertificateArn specifies the ARN of the certificates
for all Ingresses that belong to IngressClass with this IngressClassParams.
items:
type: string
type: array
group: group:
description: Group defines the IngressGroup for all Ingresses that description: Group defines the IngressGroup for all Ingresses that
belong to IngressClass with this IngressClassParams. belong to IngressClass with this IngressClassParams.
@ -77,7 +94,47 @@ spec:
enum: enum:
- ipv4 - ipv4
- dualstack - dualstack
- dualstack-without-public-ipv4
type: string type: string
ipamConfiguration:
description: IPAMConfiguration defines the IPAM settings for a Load
Balancer.
properties:
ipv4IPAMPoolId:
description: IPv4IPAMPoolId defines the IPAM pool ID used for
IPv4 Addresses on the ALB.
type: string
type: object
listeners:
description: Listeners define a list of listeners with their protocol,
port and attributes.
items:
properties:
listenerAttributes:
description: The attributes of the listener
items:
description: Attributes defines custom attributes on resources.
properties:
key:
description: The key of the attribute.
type: string
value:
description: The value of the attribute.
type: string
required:
- key
- value
type: object
type: array
port:
description: The port of the listener
format: int32
type: integer
protocol:
description: The protocol of the listener
type: string
type: object
type: array
loadBalancerAttributes: loadBalancerAttributes:
description: LoadBalancerAttributes define the custom attributes to description: LoadBalancerAttributes define the custom attributes to
LoadBalancers for all Ingress that that belong to IngressClass with LoadBalancers for all Ingress that that belong to IngressClass with
@ -96,50 +153,63 @@ spec:
- value - value
type: object type: object
type: array type: array
minimumLoadBalancerCapacity:
description: MinimumLoadBalancerCapacity define the capacity reservation
for LoadBalancers for all Ingress that belong to IngressClass with
this IngressClassParams.
properties:
capacityUnits:
description: The Capacity Units Value.
format: int32
type: integer
required:
- capacityUnits
type: object
namespaceSelector: namespaceSelector:
description: NamespaceSelector restrict the namespaces of Ingresses description: |-
that are allowed to specify the IngressClass with this IngressClassParams. NamespaceSelector restrict the namespaces of Ingresses that are allowed to specify the IngressClass with this IngressClassParams.
* if absent or present but empty, it selects all namespaces. * if absent or present but empty, it selects all namespaces.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions is a list of label selector requirements. description: matchExpressions is a list of label selector requirements.
The requirements are ANDed. The requirements are ANDed.
items: items:
description: A label selector requirement is a selector that description: |-
contains values, a key, and an operator that relates the key A label selector requirement is a selector that contains values, a key, and an operator that
and values. relates the key and values.
properties: properties:
key: key:
description: key is the label key that the selector applies description: key is the label key that the selector applies
to. to.
type: string type: string
operator: operator:
description: operator represents a key's relationship to description: |-
a set of values. Valid operators are In, NotIn, Exists operator represents a key's relationship to a set of values.
and DoesNotExist. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string type: string
values: values:
description: values is an array of string values. If the description: |-
operator is In or NotIn, the values array must be non-empty. values is an array of string values. If the operator is In or NotIn,
If the operator is Exists or DoesNotExist, the values the values array must be non-empty. If the operator is Exists or DoesNotExist,
array must be empty. This array is replaced during a strategic the values array must be empty. This array is replaced during a strategic
merge patch. merge patch.
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
required: required:
- key - key
- operator - operator
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
matchLabels: matchLabels:
additionalProperties: additionalProperties:
type: string type: string
description: matchLabels is a map of {key,value} pairs. A single description: |-
{key,value} in the matchLabels map is equivalent to an element matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
of matchExpressions, whose key field is "key", the operator map is equivalent to an element of matchExpressions, whose key field is "key", the
is "In", and the values array contains only "value". The requirements operator is "In", and the values array contains only "value". The requirements are ANDed.
are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -172,10 +242,11 @@ spec:
items: items:
type: string type: string
type: array type: array
description: Tags specifies subnets in the load balancer's VPC description: |-
where each tag specified in the map key contains one of the Tags specifies subnets in the load balancer's VPC where each
values in the corresponding value list. Exactly one of this tag specified in the map key contains one of the values in the corresponding
or `ids` must be specified. value list.
Exactly one of this or `ids` must be specified.
type: object type: object
type: object type: object
tags: tags:
@ -195,6 +266,13 @@ spec:
- value - value
type: object type: object
type: array type: array
targetType:
description: TargetType defines the target type of target groups for
all Ingresses that belong to IngressClass with this IngressClassParams.
enum:
- instance
- ip
type: string
type: object type: object
type: object type: object
served: true served: true
@ -207,7 +285,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.11.1 controller-gen.kubebuilder.io/version: v0.14.0
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io
@ -242,6 +320,11 @@ spec:
name: ARN name: ARN
priority: 1 priority: 1
type: string type: string
- description: The AWS TargetGroup's Name
jsonPath: .spec.targetGroupName
name: NAME
priority: 2
type: string
- jsonPath: .metadata.creationTimestamp - jsonPath: .metadata.creationTimestamp
name: AGE name: AGE
type: date type: date
@ -251,20 +334,38 @@ spec:
description: TargetGroupBinding is the Schema for the TargetGroupBinding API description: TargetGroupBinding is the Schema for the TargetGroupBinding API
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding
properties: properties:
assumeRoleExternalId:
description: IAM Role ARN to assume when calling AWS APIs. Needed
to assume a role in another account and prevent the confused deputy
problem. https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
type: string
iamRoleArnToAssume:
description: IAM Role ARN to assume when calling AWS APIs. Useful
if the target group is in a different AWS account
type: string
multiClusterTargetGroup:
description: MultiClusterTargetGroup Denotes if the TargetGroup is
shared among multiple clusters
type: boolean
networking: networking:
description: networking provides the networking setup for ELBV2 LoadBalancer description: networking provides the networking setup for ELBV2 LoadBalancer
to access targets in TargetGroup. to access targets in TargetGroup.
@ -275,28 +376,30 @@ spec:
items: items:
properties: properties:
from: from:
description: List of peers which should be able to access description: |-
the targets in TargetGroup. At least one NetworkingPeer List of peers which should be able to access the targets in TargetGroup.
should be specified. At least one NetworkingPeer should be specified.
items: items:
description: NetworkingPeer defines the source/destination description: NetworkingPeer defines the source/destination
peer for networking rules. peer for networking rules.
properties: properties:
ipBlock: ipBlock:
description: IPBlock defines an IPBlock peer. If specified, description: |-
none of the other fields can be set. IPBlock defines an IPBlock peer.
If specified, none of the other fields can be set.
properties: properties:
cidr: cidr:
description: CIDR is the network CIDR. Both IPV4 description: |-
or IPV6 CIDR are accepted. CIDR is the network CIDR.
Both IPV4 or IPV6 CIDR are accepted.
type: string type: string
required: required:
- cidr - cidr
type: object type: object
securityGroup: securityGroup:
description: SecurityGroup defines a SecurityGroup description: |-
peer. If specified, none of the other fields can SecurityGroup defines a SecurityGroup peer.
be set. If specified, none of the other fields can be set.
properties: properties:
groupID: groupID:
description: GroupID is the EC2 SecurityGroupID. description: GroupID is the EC2 SecurityGroupID.
@ -307,24 +410,24 @@ spec:
type: object type: object
type: array type: array
ports: ports:
description: List of ports which should be made accessible description: |-
on the targets in TargetGroup. If ports is empty or unspecified, List of ports which should be made accessible on the targets in TargetGroup.
it defaults to all ports with TCP. If ports is empty or unspecified, it defaults to all ports with TCP.
items: items:
properties: properties:
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: The port which traffic must match. When description: |-
NodePort endpoints(instance TargetType) is used, The port which traffic must match.
this must be a numerical port. When Port endpoints(ip When NodePort endpoints(instance TargetType) is used, this must be a numerical port.
TargetType) is used, this can be either numerical When Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods.
or named port on pods. if port is unspecified, it if port is unspecified, it defaults to all ports.
defaults to all ports.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
protocol: protocol:
description: The protocol which traffic must match. description: |-
The protocol which traffic must match.
If protocol is unspecified, it defaults to TCP. If protocol is unspecified, it defaults to TCP.
enum: enum:
- TCP - TCP
@ -359,6 +462,9 @@ spec:
description: targetGroupARN is the Amazon Resource Name (ARN) for description: targetGroupARN is the Amazon Resource Name (ARN) for
the TargetGroup. the TargetGroup.
type: string type: string
targetGroupName:
description: targetGroupName is the Name of the TargetGroup.
type: string
targetType: targetType:
description: targetType is the TargetType of TargetGroup. If unspecified, description: targetType is the TargetType of TargetGroup. If unspecified,
it will be automatically inferred. it will be automatically inferred.
@ -368,7 +474,6 @@ spec:
type: string type: string
required: required:
- serviceRef - serviceRef
- targetGroupARN
type: object type: object
status: status:
description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding
@ -401,6 +506,11 @@ spec:
name: ARN name: ARN
priority: 1 priority: 1
type: string type: string
- description: The AWS TargetGroup's Name
jsonPath: .spec.targetGroupName
name: NAME
priority: 2
type: string
- jsonPath: .metadata.creationTimestamp - jsonPath: .metadata.creationTimestamp
name: AGE name: AGE
type: date type: date
@ -410,20 +520,34 @@ spec:
description: TargetGroupBinding is the Schema for the TargetGroupBinding API description: TargetGroupBinding is the Schema for the TargetGroupBinding API
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding
properties: properties:
assumeRoleExternalId:
description: IAM Role ARN to assume when calling AWS APIs. Needed
to assume a role in another account and prevent the confused deputy
problem. https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
type: string
iamRoleArnToAssume:
description: IAM Role ARN to assume when calling AWS APIs. Useful
if the target group is in a different AWS account
type: string
ipAddressType: ipAddressType:
description: ipAddressType specifies whether the target group is of description: ipAddressType specifies whether the target group is of
type IPv4 or IPv6. If unspecified, it will be automatically inferred. type IPv4 or IPv6. If unspecified, it will be automatically inferred.
@ -431,6 +555,10 @@ spec:
- ipv4 - ipv4
- ipv6 - ipv6
type: string type: string
multiClusterTargetGroup:
description: MultiClusterTargetGroup Denotes if the TargetGroup is
shared among multiple clusters
type: boolean
networking: networking:
description: networking defines the networking rules to allow ELBV2 description: networking defines the networking rules to allow ELBV2
LoadBalancer to access targets in TargetGroup. LoadBalancer to access targets in TargetGroup.
@ -443,28 +571,30 @@ spec:
of traffic that is allowed to access TargetGroup's targets. of traffic that is allowed to access TargetGroup's targets.
properties: properties:
from: from:
description: List of peers which should be able to access description: |-
the targets in TargetGroup. At least one NetworkingPeer List of peers which should be able to access the targets in TargetGroup.
should be specified. At least one NetworkingPeer should be specified.
items: items:
description: NetworkingPeer defines the source/destination description: NetworkingPeer defines the source/destination
peer for networking rules. peer for networking rules.
properties: properties:
ipBlock: ipBlock:
description: IPBlock defines an IPBlock peer. If specified, description: |-
none of the other fields can be set. IPBlock defines an IPBlock peer.
If specified, none of the other fields can be set.
properties: properties:
cidr: cidr:
description: CIDR is the network CIDR. Both IPV4 description: |-
or IPV6 CIDR are accepted. CIDR is the network CIDR.
Both IPV4 or IPV6 CIDR are accepted.
type: string type: string
required: required:
- cidr - cidr
type: object type: object
securityGroup: securityGroup:
description: SecurityGroup defines a SecurityGroup description: |-
peer. If specified, none of the other fields can SecurityGroup defines a SecurityGroup peer.
be set. If specified, none of the other fields can be set.
properties: properties:
groupID: groupID:
description: GroupID is the EC2 SecurityGroupID. description: GroupID is the EC2 SecurityGroupID.
@ -475,9 +605,9 @@ spec:
type: object type: object
type: array type: array
ports: ports:
description: List of ports which should be made accessible description: |-
on the targets in TargetGroup. If ports is empty or unspecified, List of ports which should be made accessible on the targets in TargetGroup.
it defaults to all ports with TCP. If ports is empty or unspecified, it defaults to all ports with TCP.
items: items:
description: NetworkingPort defines the port and protocol description: NetworkingPort defines the port and protocol
for networking rules. for networking rules.
@ -486,15 +616,15 @@ spec:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: The port which traffic must match. When description: |-
NodePort endpoints(instance TargetType) is used, The port which traffic must match.
this must be a numerical port. When Port endpoints(ip When NodePort endpoints(instance TargetType) is used, this must be a numerical port.
TargetType) is used, this can be either numerical When Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods.
or named port on pods. if port is unspecified, it if port is unspecified, it defaults to all ports.
defaults to all ports.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
protocol: protocol:
description: The protocol which traffic must match. description: |-
The protocol which traffic must match.
If protocol is unspecified, it defaults to TCP. If protocol is unspecified, it defaults to TCP.
enum: enum:
- TCP - TCP
@ -516,41 +646,42 @@ spec:
description: matchExpressions is a list of label selector requirements. description: matchExpressions is a list of label selector requirements.
The requirements are ANDed. The requirements are ANDed.
items: items:
description: A label selector requirement is a selector that description: |-
contains values, a key, and an operator that relates the key A label selector requirement is a selector that contains values, a key, and an operator that
and values. relates the key and values.
properties: properties:
key: key:
description: key is the label key that the selector applies description: key is the label key that the selector applies
to. to.
type: string type: string
operator: operator:
description: operator represents a key's relationship to description: |-
a set of values. Valid operators are In, NotIn, Exists operator represents a key's relationship to a set of values.
and DoesNotExist. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string type: string
values: values:
description: values is an array of string values. If the description: |-
operator is In or NotIn, the values array must be non-empty. values is an array of string values. If the operator is In or NotIn,
If the operator is Exists or DoesNotExist, the values the values array must be non-empty. If the operator is Exists or DoesNotExist,
array must be empty. This array is replaced during a strategic the values array must be empty. This array is replaced during a strategic
merge patch. merge patch.
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
required: required:
- key - key
- operator - operator
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
matchLabels: matchLabels:
additionalProperties: additionalProperties:
type: string type: string
description: matchLabels is a map of {key,value} pairs. A single description: |-
{key,value} in the matchLabels map is equivalent to an element matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
of matchExpressions, whose key field is "key", the operator map is equivalent to an element of matchExpressions, whose key field is "key", the
is "In", and the values array contains only "value". The requirements operator is "In", and the values array contains only "value". The requirements are ANDed.
are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -574,7 +705,9 @@ spec:
targetGroupARN: targetGroupARN:
description: targetGroupARN is the Amazon Resource Name (ARN) for description: targetGroupARN is the Amazon Resource Name (ARN) for
the TargetGroup. the TargetGroup.
minLength: 1 type: string
targetGroupName:
description: targetGroupName is the Name of the TargetGroup.
type: string type: string
targetType: targetType:
description: targetType is the TargetType of TargetGroup. If unspecified, description: targetType is the TargetType of TargetGroup. If unspecified,
@ -583,9 +716,12 @@ spec:
- instance - instance
- ip - ip
type: string type: string
vpcID:
description: VpcID is the VPC of the TargetGroup. If unspecified,
it will be automatically inferred.
type: string
required: required:
- serviceRef - serviceRef
- targetGroupARN
type: object type: object
status: status:
description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding
@ -676,6 +812,15 @@ metadata:
k8s-addon: aws-load-balancer-controller.addons.k8s.io k8s-addon: aws-load-balancer-controller.addons.k8s.io
name: aws-load-balancer-controller-role name: aws-load-balancer-controller-role
rules: rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- update
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@ -791,6 +936,245 @@ rules:
verbs: verbs:
- patch - patch
- update - update
- apiGroups:
- gateway.k8s.aws
resources:
- listenerruleconfigurations
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.k8s.aws
resources:
- listenerruleconfigurations/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- listenerruleconfigurations/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- loadbalancerconfigurations
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.k8s.aws
resources:
- loadbalancerconfigurations/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- loadbalancerconfigurations/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- targetgroupconfigurations
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.k8s.aws
resources:
- targetgroupconfigurations/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- targetgroupconfigurations/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- referencegrants
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- udproutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- udproutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- udproutes/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- networking.k8s.io - networking.k8s.io
resources: resources:
@ -929,7 +1313,7 @@ spec:
value: arn:aws-test:iam::123456789012:role/aws-load-balancer-controller.kube-system.sa.minimal.example.com value: arn:aws-test:iam::123456789012:role/aws-load-balancer-controller.kube-system.sa.minimal.example.com
- name: AWS_WEB_IDENTITY_TOKEN_FILE - name: AWS_WEB_IDENTITY_TOKEN_FILE
value: /var/run/secrets/amazonaws.com/token value: /var/run/secrets/amazonaws.com/token
image: public.ecr.aws/eks/aws-load-balancer-controller:v2.7.2 image: public.ecr.aws/eks/aws-load-balancer-controller:v2.13.4
livenessProbe: livenessProbe:
failureThreshold: 2 failureThreshold: 2
httpGet: httpGet:
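Review bot: The rule added at the top of `rules:` for `aws-load-balancer-controller-role` grants `create`, `delete`, `get` and `update` on `configmaps` in the core API group with no `resourceNames`, and if this role is cluster-scoped (its `kind` line is outside the hunk) the grant applies in every namespace. A compromised controller pod could then modify ConfigMaps that other components rely on, so the write verbs are better carried by a namespaced Role in the controller's own namespace, or at least narrowed with `resourceNames: ["<controller-configmap-name>"]` on `delete`, `get` and `update` (`create` cannot be limited by name). Because this file is regenerated expected output, the change belongs in the addon template it is rendered from, and the same rule appears in the other copies of this manifest on the page. The `rules:` list starts and continues outside the hunk.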


@ -163,7 +163,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.19 - id: k8s-1.19
manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml
manifestHash: f32c0c5f258e9fb26f8a69b7a2e9ece3738d737552e774d8d84896dcab323782 manifestHash: 18226ed1d11cc43ad4dd4a4fd20fc90599b76802ea4331ef33b6c34c47eb9b98
name: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-controller.addons.k8s.io
needsPKI: true needsPKI: true
selector: selector:


@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.11.1 controller-gen.kubebuilder.io/version: v0.14.0
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io
@ -41,20 +41,37 @@ spec:
description: IngressClassParams is the Schema for the IngressClassParams API description: IngressClassParams is the Schema for the IngressClassParams API
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: IngressClassParamsSpec defines the desired state of IngressClassParams description: IngressClassParamsSpec defines the desired state of IngressClassParams
properties: properties:
PrefixListsIDs:
description: PrefixListsIDs defines the security group prefix lists
for all Ingresses that belong to IngressClass with this IngressClassParams.
items:
type: string
type: array
certificateArn:
description: CertificateArn specifies the ARN of the certificates
for all Ingresses that belong to IngressClass with this IngressClassParams.
items:
type: string
type: array
group: group:
description: Group defines the IngressGroup for all Ingresses that description: Group defines the IngressGroup for all Ingresses that
belong to IngressClass with this IngressClassParams. belong to IngressClass with this IngressClassParams.
@ -77,7 +94,47 @@ spec:
enum: enum:
- ipv4 - ipv4
- dualstack - dualstack
- dualstack-without-public-ipv4
type: string type: string
ipamConfiguration:
description: IPAMConfiguration defines the IPAM settings for a Load
Balancer.
properties:
ipv4IPAMPoolId:
description: IPv4IPAMPoolId defines the IPAM pool ID used for
IPv4 Addresses on the ALB.
type: string
type: object
listeners:
description: Listeners define a list of listeners with their protocol,
port and attributes.
items:
properties:
listenerAttributes:
description: The attributes of the listener
items:
description: Attributes defines custom attributes on resources.
properties:
key:
description: The key of the attribute.
type: string
value:
description: The value of the attribute.
type: string
required:
- key
- value
type: object
type: array
port:
description: The port of the listener
format: int32
type: integer
protocol:
description: The protocol of the listener
type: string
type: object
type: array
loadBalancerAttributes: loadBalancerAttributes:
description: LoadBalancerAttributes define the custom attributes to description: LoadBalancerAttributes define the custom attributes to
LoadBalancers for all Ingress that that belong to IngressClass with LoadBalancers for all Ingress that that belong to IngressClass with
@ -96,50 +153,63 @@ spec:
- value - value
type: object type: object
type: array type: array
minimumLoadBalancerCapacity:
description: MinimumLoadBalancerCapacity define the capacity reservation
for LoadBalancers for all Ingress that belong to IngressClass with
this IngressClassParams.
properties:
capacityUnits:
description: The Capacity Units Value.
format: int32
type: integer
required:
- capacityUnits
type: object
namespaceSelector: namespaceSelector:
description: NamespaceSelector restrict the namespaces of Ingresses description: |-
that are allowed to specify the IngressClass with this IngressClassParams. NamespaceSelector restrict the namespaces of Ingresses that are allowed to specify the IngressClass with this IngressClassParams.
* if absent or present but empty, it selects all namespaces. * if absent or present but empty, it selects all namespaces.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions is a list of label selector requirements. description: matchExpressions is a list of label selector requirements.
The requirements are ANDed. The requirements are ANDed.
items: items:
description: A label selector requirement is a selector that description: |-
contains values, a key, and an operator that relates the key A label selector requirement is a selector that contains values, a key, and an operator that
and values. relates the key and values.
properties: properties:
key: key:
description: key is the label key that the selector applies description: key is the label key that the selector applies
to. to.
type: string type: string
operator: operator:
description: operator represents a key's relationship to description: |-
a set of values. Valid operators are In, NotIn, Exists operator represents a key's relationship to a set of values.
and DoesNotExist. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string type: string
values: values:
description: values is an array of string values. If the description: |-
operator is In or NotIn, the values array must be non-empty. values is an array of string values. If the operator is In or NotIn,
If the operator is Exists or DoesNotExist, the values the values array must be non-empty. If the operator is Exists or DoesNotExist,
array must be empty. This array is replaced during a strategic the values array must be empty. This array is replaced during a strategic
merge patch. merge patch.
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
required: required:
- key - key
- operator - operator
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
matchLabels: matchLabels:
additionalProperties: additionalProperties:
type: string type: string
description: matchLabels is a map of {key,value} pairs. A single description: |-
{key,value} in the matchLabels map is equivalent to an element matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
of matchExpressions, whose key field is "key", the operator map is equivalent to an element of matchExpressions, whose key field is "key", the
is "In", and the values array contains only "value". The requirements operator is "In", and the values array contains only "value". The requirements are ANDed.
are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -172,10 +242,11 @@ spec:
items: items:
type: string type: string
type: array type: array
description: Tags specifies subnets in the load balancer's VPC description: |-
where each tag specified in the map key contains one of the Tags specifies subnets in the load balancer's VPC where each
values in the corresponding value list. Exactly one of this tag specified in the map key contains one of the values in the corresponding
or `ids` must be specified. value list.
Exactly one of this or `ids` must be specified.
type: object type: object
type: object type: object
tags: tags:
@ -195,6 +266,13 @@ spec:
- value - value
type: object type: object
type: array type: array
targetType:
description: TargetType defines the target type of target groups for
all Ingresses that belong to IngressClass with this IngressClassParams.
enum:
- instance
- ip
type: string
type: object type: object
type: object type: object
served: true served: true
@ -207,7 +285,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.11.1 controller-gen.kubebuilder.io/version: v0.14.0
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io
@ -242,6 +320,11 @@ spec:
name: ARN name: ARN
priority: 1 priority: 1
type: string type: string
- description: The AWS TargetGroup's Name
jsonPath: .spec.targetGroupName
name: NAME
priority: 2
type: string
- jsonPath: .metadata.creationTimestamp - jsonPath: .metadata.creationTimestamp
name: AGE name: AGE
type: date type: date
@ -251,20 +334,38 @@ spec:
description: TargetGroupBinding is the Schema for the TargetGroupBinding API description: TargetGroupBinding is the Schema for the TargetGroupBinding API
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding
properties: properties:
assumeRoleExternalId:
description: IAM Role ARN to assume when calling AWS APIs. Needed
to assume a role in another account and prevent the confused deputy
problem. https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
type: string
iamRoleArnToAssume:
description: IAM Role ARN to assume when calling AWS APIs. Useful
if the target group is in a different AWS account
type: string
multiClusterTargetGroup:
description: MultiClusterTargetGroup Denotes if the TargetGroup is
shared among multiple clusters
type: boolean
networking: networking:
description: networking provides the networking setup for ELBV2 LoadBalancer description: networking provides the networking setup for ELBV2 LoadBalancer
to access targets in TargetGroup. to access targets in TargetGroup.
@ -275,28 +376,30 @@ spec:
items: items:
properties: properties:
from: from:
description: List of peers which should be able to access description: |-
the targets in TargetGroup. At least one NetworkingPeer List of peers which should be able to access the targets in TargetGroup.
should be specified. At least one NetworkingPeer should be specified.
items: items:
description: NetworkingPeer defines the source/destination description: NetworkingPeer defines the source/destination
peer for networking rules. peer for networking rules.
properties: properties:
ipBlock: ipBlock:
description: IPBlock defines an IPBlock peer. If specified, description: |-
none of the other fields can be set. IPBlock defines an IPBlock peer.
If specified, none of the other fields can be set.
properties: properties:
cidr: cidr:
description: CIDR is the network CIDR. Both IPV4 description: |-
or IPV6 CIDR are accepted. CIDR is the network CIDR.
Both IPV4 or IPV6 CIDR are accepted.
type: string type: string
required: required:
- cidr - cidr
type: object type: object
securityGroup: securityGroup:
description: SecurityGroup defines a SecurityGroup description: |-
peer. If specified, none of the other fields can SecurityGroup defines a SecurityGroup peer.
be set. If specified, none of the other fields can be set.
properties: properties:
groupID: groupID:
description: GroupID is the EC2 SecurityGroupID. description: GroupID is the EC2 SecurityGroupID.
@ -307,24 +410,24 @@ spec:
type: object type: object
type: array type: array
ports: ports:
description: List of ports which should be made accessible description: |-
on the targets in TargetGroup. If ports is empty or unspecified, List of ports which should be made accessible on the targets in TargetGroup.
it defaults to all ports with TCP. If ports is empty or unspecified, it defaults to all ports with TCP.
items: items:
properties: properties:
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: The port which traffic must match. When description: |-
NodePort endpoints(instance TargetType) is used, The port which traffic must match.
this must be a numerical port. When Port endpoints(ip When NodePort endpoints(instance TargetType) is used, this must be a numerical port.
TargetType) is used, this can be either numerical When Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods.
or named port on pods. if port is unspecified, it if port is unspecified, it defaults to all ports.
defaults to all ports.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
protocol: protocol:
description: The protocol which traffic must match. description: |-
The protocol which traffic must match.
If protocol is unspecified, it defaults to TCP. If protocol is unspecified, it defaults to TCP.
enum: enum:
- TCP - TCP
@ -359,6 +462,9 @@ spec:
description: targetGroupARN is the Amazon Resource Name (ARN) for description: targetGroupARN is the Amazon Resource Name (ARN) for
the TargetGroup. the TargetGroup.
type: string type: string
targetGroupName:
description: targetGroupName is the Name of the TargetGroup.
type: string
targetType: targetType:
description: targetType is the TargetType of TargetGroup. If unspecified, description: targetType is the TargetType of TargetGroup. If unspecified,
it will be automatically inferred. it will be automatically inferred.
@ -368,7 +474,6 @@ spec:
type: string type: string
required: required:
- serviceRef - serviceRef
- targetGroupARN
type: object type: object
status: status:
description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding
@ -401,6 +506,11 @@ spec:
name: ARN name: ARN
priority: 1 priority: 1
type: string type: string
- description: The AWS TargetGroup's Name
jsonPath: .spec.targetGroupName
name: NAME
priority: 2
type: string
- jsonPath: .metadata.creationTimestamp - jsonPath: .metadata.creationTimestamp
name: AGE name: AGE
type: date type: date
@ -410,20 +520,34 @@ spec:
description: TargetGroupBinding is the Schema for the TargetGroupBinding API description: TargetGroupBinding is the Schema for the TargetGroupBinding API
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding
properties: properties:
assumeRoleExternalId:
description: IAM Role ARN to assume when calling AWS APIs. Needed
to assume a role in another account and prevent the confused deputy
problem. https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
type: string
iamRoleArnToAssume:
description: IAM Role ARN to assume when calling AWS APIs. Useful
if the target group is in a different AWS account
type: string
ipAddressType: ipAddressType:
description: ipAddressType specifies whether the target group is of description: ipAddressType specifies whether the target group is of
type IPv4 or IPv6. If unspecified, it will be automatically inferred. type IPv4 or IPv6. If unspecified, it will be automatically inferred.
@ -431,6 +555,10 @@ spec:
- ipv4 - ipv4
- ipv6 - ipv6
type: string type: string
multiClusterTargetGroup:
description: MultiClusterTargetGroup Denotes if the TargetGroup is
shared among multiple clusters
type: boolean
networking: networking:
description: networking defines the networking rules to allow ELBV2 description: networking defines the networking rules to allow ELBV2
LoadBalancer to access targets in TargetGroup. LoadBalancer to access targets in TargetGroup.
@ -443,28 +571,30 @@ spec:
of traffic that is allowed to access TargetGroup's targets. of traffic that is allowed to access TargetGroup's targets.
properties: properties:
from: from:
description: List of peers which should be able to access description: |-
the targets in TargetGroup. At least one NetworkingPeer List of peers which should be able to access the targets in TargetGroup.
should be specified. At least one NetworkingPeer should be specified.
items: items:
description: NetworkingPeer defines the source/destination description: NetworkingPeer defines the source/destination
peer for networking rules. peer for networking rules.
properties: properties:
ipBlock: ipBlock:
description: IPBlock defines an IPBlock peer. If specified, description: |-
none of the other fields can be set. IPBlock defines an IPBlock peer.
If specified, none of the other fields can be set.
properties: properties:
cidr: cidr:
description: CIDR is the network CIDR. Both IPV4 description: |-
or IPV6 CIDR are accepted. CIDR is the network CIDR.
Both IPV4 or IPV6 CIDR are accepted.
type: string type: string
required: required:
- cidr - cidr
type: object type: object
securityGroup: securityGroup:
description: SecurityGroup defines a SecurityGroup description: |-
peer. If specified, none of the other fields can SecurityGroup defines a SecurityGroup peer.
be set. If specified, none of the other fields can be set.
properties: properties:
groupID: groupID:
description: GroupID is the EC2 SecurityGroupID. description: GroupID is the EC2 SecurityGroupID.
@ -475,9 +605,9 @@ spec:
type: object type: object
type: array type: array
ports: ports:
description: List of ports which should be made accessible description: |-
on the targets in TargetGroup. If ports is empty or unspecified, List of ports which should be made accessible on the targets in TargetGroup.
it defaults to all ports with TCP. If ports is empty or unspecified, it defaults to all ports with TCP.
items: items:
description: NetworkingPort defines the port and protocol description: NetworkingPort defines the port and protocol
for networking rules. for networking rules.
@ -486,15 +616,15 @@ spec:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: The port which traffic must match. When description: |-
NodePort endpoints(instance TargetType) is used, The port which traffic must match.
this must be a numerical port. When Port endpoints(ip When NodePort endpoints(instance TargetType) is used, this must be a numerical port.
TargetType) is used, this can be either numerical When Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods.
or named port on pods. if port is unspecified, it if port is unspecified, it defaults to all ports.
defaults to all ports.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
protocol: protocol:
description: The protocol which traffic must match. description: |-
The protocol which traffic must match.
If protocol is unspecified, it defaults to TCP. If protocol is unspecified, it defaults to TCP.
enum: enum:
- TCP - TCP
@ -516,41 +646,42 @@ spec:
description: matchExpressions is a list of label selector requirements. description: matchExpressions is a list of label selector requirements.
The requirements are ANDed. The requirements are ANDed.
items: items:
description: A label selector requirement is a selector that description: |-
contains values, a key, and an operator that relates the key A label selector requirement is a selector that contains values, a key, and an operator that
and values. relates the key and values.
properties: properties:
key: key:
description: key is the label key that the selector applies description: key is the label key that the selector applies
to. to.
type: string type: string
operator: operator:
description: operator represents a key's relationship to description: |-
a set of values. Valid operators are In, NotIn, Exists operator represents a key's relationship to a set of values.
and DoesNotExist. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string type: string
values: values:
description: values is an array of string values. If the description: |-
operator is In or NotIn, the values array must be non-empty. values is an array of string values. If the operator is In or NotIn,
If the operator is Exists or DoesNotExist, the values the values array must be non-empty. If the operator is Exists or DoesNotExist,
array must be empty. This array is replaced during a strategic the values array must be empty. This array is replaced during a strategic
merge patch. merge patch.
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
required: required:
- key - key
- operator - operator
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
matchLabels: matchLabels:
additionalProperties: additionalProperties:
type: string type: string
description: matchLabels is a map of {key,value} pairs. A single description: |-
{key,value} in the matchLabels map is equivalent to an element matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
of matchExpressions, whose key field is "key", the operator map is equivalent to an element of matchExpressions, whose key field is "key", the
is "In", and the values array contains only "value". The requirements operator is "In", and the values array contains only "value". The requirements are ANDed.
are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -574,7 +705,9 @@ spec:
targetGroupARN: targetGroupARN:
description: targetGroupARN is the Amazon Resource Name (ARN) for description: targetGroupARN is the Amazon Resource Name (ARN) for
the TargetGroup. the TargetGroup.
minLength: 1 type: string
targetGroupName:
description: targetGroupName is the Name of the TargetGroup.
type: string type: string
targetType: targetType:
description: targetType is the TargetType of TargetGroup. If unspecified, description: targetType is the TargetType of TargetGroup. If unspecified,
@ -583,9 +716,12 @@ spec:
- instance - instance
- ip - ip
type: string type: string
vpcID:
description: VpcID is the VPC of the TargetGroup. If unspecified,
it will be automatically inferred.
type: string
required: required:
- serviceRef - serviceRef
- targetGroupARN
type: object type: object
status: status:
description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding
@ -676,6 +812,15 @@ metadata:
k8s-addon: aws-load-balancer-controller.addons.k8s.io k8s-addon: aws-load-balancer-controller.addons.k8s.io
name: aws-load-balancer-controller-role name: aws-load-balancer-controller-role
rules: rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- update
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@ -791,6 +936,245 @@ rules:
verbs: verbs:
- patch - patch
- update - update
- apiGroups:
- gateway.k8s.aws
resources:
- listenerruleconfigurations
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.k8s.aws
resources:
- listenerruleconfigurations/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- listenerruleconfigurations/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- loadbalancerconfigurations
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.k8s.aws
resources:
- loadbalancerconfigurations/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- loadbalancerconfigurations/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- targetgroupconfigurations
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.k8s.aws
resources:
- targetgroupconfigurations/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- targetgroupconfigurations/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- referencegrants
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- udproutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- udproutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- udproutes/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- networking.k8s.io - networking.k8s.io
resources: resources:
@ -939,7 +1323,7 @@ spec:
fieldRef: fieldRef:
apiVersion: v1 apiVersion: v1
fieldPath: spec.nodeName fieldPath: spec.nodeName
image: public.ecr.aws/eks/aws-load-balancer-controller:v2.7.2 image: public.ecr.aws/eks/aws-load-balancer-controller:v2.13.4
livenessProbe: livenessProbe:
failureThreshold: 2 failureThreshold: 2
httpGet: httpGet:


@ -163,7 +163,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.19 - id: k8s-1.19
manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml
manifestHash: 97f75cedc9208b8d37418564846048f683c92df8d0561bf25b04814854c65cef manifestHash: 363855c5ab9b0d6ee65c97da156fc9921f1edc71010a7c307211434e1d214a1b
name: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-controller.addons.k8s.io
needsPKI: true needsPKI: true
selector: selector:


@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.11.1 controller-gen.kubebuilder.io/version: v0.14.0
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io
@ -41,20 +41,37 @@ spec:
description: IngressClassParams is the Schema for the IngressClassParams API description: IngressClassParams is the Schema for the IngressClassParams API
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: IngressClassParamsSpec defines the desired state of IngressClassParams description: IngressClassParamsSpec defines the desired state of IngressClassParams
properties: properties:
PrefixListsIDs:
description: PrefixListsIDs defines the security group prefix lists
for all Ingresses that belong to IngressClass with this IngressClassParams.
items:
type: string
type: array
certificateArn:
description: CertificateArn specifies the ARN of the certificates
for all Ingresses that belong to IngressClass with this IngressClassParams.
items:
type: string
type: array
group: group:
description: Group defines the IngressGroup for all Ingresses that description: Group defines the IngressGroup for all Ingresses that
belong to IngressClass with this IngressClassParams. belong to IngressClass with this IngressClassParams.
@ -77,7 +94,47 @@ spec:
enum: enum:
- ipv4 - ipv4
- dualstack - dualstack
- dualstack-without-public-ipv4
type: string type: string
ipamConfiguration:
description: IPAMConfiguration defines the IPAM settings for a Load
Balancer.
properties:
ipv4IPAMPoolId:
description: IPv4IPAMPoolId defines the IPAM pool ID used for
IPv4 Addresses on the ALB.
type: string
type: object
listeners:
description: Listeners define a list of listeners with their protocol,
port and attributes.
items:
properties:
listenerAttributes:
description: The attributes of the listener
items:
description: Attributes defines custom attributes on resources.
properties:
key:
description: The key of the attribute.
type: string
value:
description: The value of the attribute.
type: string
required:
- key
- value
type: object
type: array
port:
description: The port of the listener
format: int32
type: integer
protocol:
description: The protocol of the listener
type: string
type: object
type: array
loadBalancerAttributes: loadBalancerAttributes:
description: LoadBalancerAttributes define the custom attributes to description: LoadBalancerAttributes define the custom attributes to
LoadBalancers for all Ingress that that belong to IngressClass with LoadBalancers for all Ingress that that belong to IngressClass with
@ -96,50 +153,63 @@ spec:
- value - value
type: object type: object
type: array type: array
minimumLoadBalancerCapacity:
description: MinimumLoadBalancerCapacity define the capacity reservation
for LoadBalancers for all Ingress that belong to IngressClass with
this IngressClassParams.
properties:
capacityUnits:
description: The Capacity Units Value.
format: int32
type: integer
required:
- capacityUnits
type: object
namespaceSelector: namespaceSelector:
description: NamespaceSelector restrict the namespaces of Ingresses description: |-
that are allowed to specify the IngressClass with this IngressClassParams. NamespaceSelector restrict the namespaces of Ingresses that are allowed to specify the IngressClass with this IngressClassParams.
* if absent or present but empty, it selects all namespaces. * if absent or present but empty, it selects all namespaces.
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions is a list of label selector requirements. description: matchExpressions is a list of label selector requirements.
The requirements are ANDed. The requirements are ANDed.
items: items:
description: A label selector requirement is a selector that description: |-
contains values, a key, and an operator that relates the key A label selector requirement is a selector that contains values, a key, and an operator that
and values. relates the key and values.
properties: properties:
key: key:
description: key is the label key that the selector applies description: key is the label key that the selector applies
to. to.
type: string type: string
operator: operator:
description: operator represents a key's relationship to description: |-
a set of values. Valid operators are In, NotIn, Exists operator represents a key's relationship to a set of values.
and DoesNotExist. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string type: string
values: values:
description: values is an array of string values. If the description: |-
operator is In or NotIn, the values array must be non-empty. values is an array of string values. If the operator is In or NotIn,
If the operator is Exists or DoesNotExist, the values the values array must be non-empty. If the operator is Exists or DoesNotExist,
array must be empty. This array is replaced during a strategic the values array must be empty. This array is replaced during a strategic
merge patch. merge patch.
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
required: required:
- key - key
- operator - operator
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
matchLabels: matchLabels:
additionalProperties: additionalProperties:
type: string type: string
description: matchLabels is a map of {key,value} pairs. A single description: |-
{key,value} in the matchLabels map is equivalent to an element matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
of matchExpressions, whose key field is "key", the operator map is equivalent to an element of matchExpressions, whose key field is "key", the
is "In", and the values array contains only "value". The requirements operator is "In", and the values array contains only "value". The requirements are ANDed.
are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -172,10 +242,11 @@ spec:
items: items:
type: string type: string
type: array type: array
description: Tags specifies subnets in the load balancer's VPC description: |-
where each tag specified in the map key contains one of the Tags specifies subnets in the load balancer's VPC where each
values in the corresponding value list. Exactly one of this tag specified in the map key contains one of the values in the corresponding
or `ids` must be specified. value list.
Exactly one of this or `ids` must be specified.
type: object type: object
type: object type: object
tags: tags:
@ -195,6 +266,13 @@ spec:
- value - value
type: object type: object
type: array type: array
targetType:
description: TargetType defines the target type of target groups for
all Ingresses that belong to IngressClass with this IngressClassParams.
enum:
- instance
- ip
type: string
type: object type: object
type: object type: object
served: true served: true
@ -207,7 +285,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
controller-gen.kubebuilder.io/version: v0.11.1 controller-gen.kubebuilder.io/version: v0.14.0
creationTimestamp: null creationTimestamp: null
labels: labels:
addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io addon.kops.k8s.io/name: aws-load-balancer-controller.addons.k8s.io
@ -242,6 +320,11 @@ spec:
name: ARN name: ARN
priority: 1 priority: 1
type: string type: string
- description: The AWS TargetGroup's Name
jsonPath: .spec.targetGroupName
name: NAME
priority: 2
type: string
- jsonPath: .metadata.creationTimestamp - jsonPath: .metadata.creationTimestamp
name: AGE name: AGE
type: date type: date
@ -251,20 +334,38 @@ spec:
description: TargetGroupBinding is the Schema for the TargetGroupBinding API description: TargetGroupBinding is the Schema for the TargetGroupBinding API
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding
properties: properties:
assumeRoleExternalId:
description: IAM Role ARN to assume when calling AWS APIs. Needed
to assume a role in another account and prevent the confused deputy
problem. https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
type: string
iamRoleArnToAssume:
description: IAM Role ARN to assume when calling AWS APIs. Useful
if the target group is in a different AWS account
type: string
multiClusterTargetGroup:
description: MultiClusterTargetGroup Denotes if the TargetGroup is
shared among multiple clusters
type: boolean
networking: networking:
description: networking provides the networking setup for ELBV2 LoadBalancer description: networking provides the networking setup for ELBV2 LoadBalancer
to access targets in TargetGroup. to access targets in TargetGroup.
@ -275,28 +376,30 @@ spec:
items: items:
properties: properties:
from: from:
description: List of peers which should be able to access description: |-
the targets in TargetGroup. At least one NetworkingPeer List of peers which should be able to access the targets in TargetGroup.
should be specified. At least one NetworkingPeer should be specified.
items: items:
description: NetworkingPeer defines the source/destination description: NetworkingPeer defines the source/destination
peer for networking rules. peer for networking rules.
properties: properties:
ipBlock: ipBlock:
description: IPBlock defines an IPBlock peer. If specified, description: |-
none of the other fields can be set. IPBlock defines an IPBlock peer.
If specified, none of the other fields can be set.
properties: properties:
cidr: cidr:
description: CIDR is the network CIDR. Both IPV4 description: |-
or IPV6 CIDR are accepted. CIDR is the network CIDR.
Both IPV4 or IPV6 CIDR are accepted.
type: string type: string
required: required:
- cidr - cidr
type: object type: object
securityGroup: securityGroup:
description: SecurityGroup defines a SecurityGroup description: |-
peer. If specified, none of the other fields can SecurityGroup defines a SecurityGroup peer.
be set. If specified, none of the other fields can be set.
properties: properties:
groupID: groupID:
description: GroupID is the EC2 SecurityGroupID. description: GroupID is the EC2 SecurityGroupID.
@ -307,24 +410,24 @@ spec:
type: object type: object
type: array type: array
ports: ports:
description: List of ports which should be made accessible description: |-
on the targets in TargetGroup. If ports is empty or unspecified, List of ports which should be made accessible on the targets in TargetGroup.
it defaults to all ports with TCP. If ports is empty or unspecified, it defaults to all ports with TCP.
items: items:
properties: properties:
port: port:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: The port which traffic must match. When description: |-
NodePort endpoints(instance TargetType) is used, The port which traffic must match.
this must be a numerical port. When Port endpoints(ip When NodePort endpoints(instance TargetType) is used, this must be a numerical port.
TargetType) is used, this can be either numerical When Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods.
or named port on pods. if port is unspecified, it if port is unspecified, it defaults to all ports.
defaults to all ports.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
protocol: protocol:
description: The protocol which traffic must match. description: |-
The protocol which traffic must match.
If protocol is unspecified, it defaults to TCP. If protocol is unspecified, it defaults to TCP.
enum: enum:
- TCP - TCP
@ -359,6 +462,9 @@ spec:
description: targetGroupARN is the Amazon Resource Name (ARN) for description: targetGroupARN is the Amazon Resource Name (ARN) for
the TargetGroup. the TargetGroup.
type: string type: string
targetGroupName:
description: targetGroupName is the Name of the TargetGroup.
type: string
targetType: targetType:
description: targetType is the TargetType of TargetGroup. If unspecified, description: targetType is the TargetType of TargetGroup. If unspecified,
it will be automatically inferred. it will be automatically inferred.
@ -368,7 +474,6 @@ spec:
type: string type: string
required: required:
- serviceRef - serviceRef
- targetGroupARN
type: object type: object
status: status:
description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding
@ -401,6 +506,11 @@ spec:
name: ARN name: ARN
priority: 1 priority: 1
type: string type: string
- description: The AWS TargetGroup's Name
jsonPath: .spec.targetGroupName
name: NAME
priority: 2
type: string
- jsonPath: .metadata.creationTimestamp - jsonPath: .metadata.creationTimestamp
name: AGE name: AGE
type: date type: date
@ -410,20 +520,34 @@ spec:
description: TargetGroupBinding is the Schema for the TargetGroupBinding API description: TargetGroupBinding is the Schema for the TargetGroupBinding API
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: |-
of an object. Servers should convert recognized schemas to the latest APIVersion defines the versioned schema of this representation of an object.
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: |-
object represents. Servers may infer this from the endpoint the client Kind is a string value representing the REST resource this object represents.
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding description: TargetGroupBindingSpec defines the desired state of TargetGroupBinding
properties: properties:
assumeRoleExternalId:
description: IAM Role ARN to assume when calling AWS APIs. Needed
to assume a role in another account and prevent the confused deputy
problem. https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
type: string
iamRoleArnToAssume:
description: IAM Role ARN to assume when calling AWS APIs. Useful
if the target group is in a different AWS account
type: string
ipAddressType: ipAddressType:
description: ipAddressType specifies whether the target group is of description: ipAddressType specifies whether the target group is of
type IPv4 or IPv6. If unspecified, it will be automatically inferred. type IPv4 or IPv6. If unspecified, it will be automatically inferred.
@ -431,6 +555,10 @@ spec:
- ipv4 - ipv4
- ipv6 - ipv6
type: string type: string
multiClusterTargetGroup:
description: MultiClusterTargetGroup Denotes if the TargetGroup is
shared among multiple clusters
type: boolean
networking: networking:
description: networking defines the networking rules to allow ELBV2 description: networking defines the networking rules to allow ELBV2
LoadBalancer to access targets in TargetGroup. LoadBalancer to access targets in TargetGroup.
@ -443,28 +571,30 @@ spec:
of traffic that is allowed to access TargetGroup's targets. of traffic that is allowed to access TargetGroup's targets.
properties: properties:
from: from:
description: List of peers which should be able to access description: |-
the targets in TargetGroup. At least one NetworkingPeer List of peers which should be able to access the targets in TargetGroup.
should be specified. At least one NetworkingPeer should be specified.
items: items:
description: NetworkingPeer defines the source/destination description: NetworkingPeer defines the source/destination
peer for networking rules. peer for networking rules.
properties: properties:
ipBlock: ipBlock:
description: IPBlock defines an IPBlock peer. If specified, description: |-
none of the other fields can be set. IPBlock defines an IPBlock peer.
If specified, none of the other fields can be set.
properties: properties:
cidr: cidr:
description: CIDR is the network CIDR. Both IPV4 description: |-
or IPV6 CIDR are accepted. CIDR is the network CIDR.
Both IPV4 or IPV6 CIDR are accepted.
type: string type: string
required: required:
- cidr - cidr
type: object type: object
securityGroup: securityGroup:
description: SecurityGroup defines a SecurityGroup description: |-
peer. If specified, none of the other fields can SecurityGroup defines a SecurityGroup peer.
be set. If specified, none of the other fields can be set.
properties: properties:
groupID: groupID:
description: GroupID is the EC2 SecurityGroupID. description: GroupID is the EC2 SecurityGroupID.
@ -475,9 +605,9 @@ spec:
type: object type: object
type: array type: array
ports: ports:
description: List of ports which should be made accessible description: |-
on the targets in TargetGroup. If ports is empty or unspecified, List of ports which should be made accessible on the targets in TargetGroup.
it defaults to all ports with TCP. If ports is empty or unspecified, it defaults to all ports with TCP.
items: items:
description: NetworkingPort defines the port and protocol description: NetworkingPort defines the port and protocol
for networking rules. for networking rules.
@ -486,15 +616,15 @@ spec:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: The port which traffic must match. When description: |-
NodePort endpoints(instance TargetType) is used, The port which traffic must match.
this must be a numerical port. When Port endpoints(ip When NodePort endpoints(instance TargetType) is used, this must be a numerical port.
TargetType) is used, this can be either numerical When Port endpoints(ip TargetType) is used, this can be either numerical or named port on pods.
or named port on pods. if port is unspecified, it if port is unspecified, it defaults to all ports.
defaults to all ports.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
protocol: protocol:
description: The protocol which traffic must match. description: |-
The protocol which traffic must match.
If protocol is unspecified, it defaults to TCP. If protocol is unspecified, it defaults to TCP.
enum: enum:
- TCP - TCP
@ -516,41 +646,42 @@ spec:
description: matchExpressions is a list of label selector requirements. description: matchExpressions is a list of label selector requirements.
The requirements are ANDed. The requirements are ANDed.
items: items:
description: A label selector requirement is a selector that description: |-
contains values, a key, and an operator that relates the key A label selector requirement is a selector that contains values, a key, and an operator that
and values. relates the key and values.
properties: properties:
key: key:
description: key is the label key that the selector applies description: key is the label key that the selector applies
to. to.
type: string type: string
operator: operator:
description: operator represents a key's relationship to description: |-
a set of values. Valid operators are In, NotIn, Exists operator represents a key's relationship to a set of values.
and DoesNotExist. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string type: string
values: values:
description: values is an array of string values. If the description: |-
operator is In or NotIn, the values array must be non-empty. values is an array of string values. If the operator is In or NotIn,
If the operator is Exists or DoesNotExist, the values the values array must be non-empty. If the operator is Exists or DoesNotExist,
array must be empty. This array is replaced during a strategic the values array must be empty. This array is replaced during a strategic
merge patch. merge patch.
items: items:
type: string type: string
type: array type: array
x-kubernetes-list-type: atomic
required: required:
- key - key
- operator - operator
type: object type: object
type: array type: array
x-kubernetes-list-type: atomic
matchLabels: matchLabels:
additionalProperties: additionalProperties:
type: string type: string
description: matchLabels is a map of {key,value} pairs. A single description: |-
{key,value} in the matchLabels map is equivalent to an element matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
of matchExpressions, whose key field is "key", the operator map is equivalent to an element of matchExpressions, whose key field is "key", the
is "In", and the values array contains only "value". The requirements operator is "In", and the values array contains only "value". The requirements are ANDed.
are ANDed.
type: object type: object
type: object type: object
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
@ -574,7 +705,9 @@ spec:
targetGroupARN: targetGroupARN:
description: targetGroupARN is the Amazon Resource Name (ARN) for description: targetGroupARN is the Amazon Resource Name (ARN) for
the TargetGroup. the TargetGroup.
minLength: 1 type: string
targetGroupName:
description: targetGroupName is the Name of the TargetGroup.
type: string type: string
targetType: targetType:
description: targetType is the TargetType of TargetGroup. If unspecified, description: targetType is the TargetType of TargetGroup. If unspecified,
@ -583,9 +716,12 @@ spec:
- instance - instance
- ip - ip
type: string type: string
vpcID:
description: VpcID is the VPC of the TargetGroup. If unspecified,
it will be automatically inferred.
type: string
required: required:
- serviceRef - serviceRef
- targetGroupARN
type: object type: object
status: status:
description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding description: TargetGroupBindingStatus defines the observed state of TargetGroupBinding
@ -676,6 +812,15 @@ metadata:
k8s-addon: aws-load-balancer-controller.addons.k8s.io k8s-addon: aws-load-balancer-controller.addons.k8s.io
name: aws-load-balancer-controller-role name: aws-load-balancer-controller-role
rules: rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- update
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@ -791,6 +936,245 @@ rules:
verbs: verbs:
- patch - patch
- update - update
- apiGroups:
- gateway.k8s.aws
resources:
- listenerruleconfigurations
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.k8s.aws
resources:
- listenerruleconfigurations/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- listenerruleconfigurations/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- loadbalancerconfigurations
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.k8s.aws
resources:
- loadbalancerconfigurations/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- loadbalancerconfigurations/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- targetgroupconfigurations
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.k8s.aws
resources:
- targetgroupconfigurations/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.k8s.aws
resources:
- targetgroupconfigurations/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways/finalizers
verbs:
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- gateways/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- grpcroutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- referencegrants
verbs:
- get
- list
- patch
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tcproutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- tlsroutes/status
verbs:
- get
- patch
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- udproutes
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- udproutes/finalizers
verbs:
- update
- apiGroups:
- gateway.networking.k8s.io
resources:
- udproutes/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- networking.k8s.io - networking.k8s.io
resources: resources:
@ -939,7 +1323,7 @@ spec:
fieldRef: fieldRef:
apiVersion: v1 apiVersion: v1
fieldPath: spec.nodeName fieldPath: spec.nodeName
image: public.ecr.aws/eks/aws-load-balancer-controller:v2.7.2 image: public.ecr.aws/eks/aws-load-balancer-controller:v2.13.4
livenessProbe: livenessProbe:
failureThreshold: 2 failureThreshold: 2
httpGet: httpGet:


@ -212,7 +212,7 @@ spec:
version: 9.99.0 version: 9.99.0
- id: k8s-1.19 - id: k8s-1.19
manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml manifest: aws-load-balancer-controller.addons.k8s.io/k8s-1.19.yaml
manifestHash: 11a3bab6b2bb71c805901ade80e93d2eec8b8cb4e40ff84519148b6b2f49e3f0 manifestHash: 0242da3de2a57325be6959a8aa3e58fe5c2099e2b53db502501f2ba11bd69afe
name: aws-load-balancer-controller.addons.k8s.io name: aws-load-balancer-controller.addons.k8s.io
needsPKI: true needsPKI: true
selector: selector: